OS X Vulnerability Can Allow Superuser Access to Unauthorized Users

by

FilevaultUsers looking to exploit a vulnerability in the Sudo Unix command, originally reported back in March, have received some assistance, reports Ars Technica.

The developers of Metasploit, software that makes it easier to misuse vulnerabilities in operating systems and applications, have added the Sudo vulnerability to their software suite. All versions of OS X from OS X Lion 10.7 through the current Mountain Lion 10.8.4 remain vulnerable.

Mac users should realize that an attacker must satisfy a variety of conditions before being able to exploit this vulnerability. For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine. In other words: this exploit can't be used in the kind of drive-by webpage attacks that last year infected some 650,000 Macs with the Flashback malware. This doesn't mean it's a non-issue though, since the exploit can be used in concert with other attacks to magnify the damage they can do.

Most of the recent exploits in Mac OS X have been related to Java, which Apple completely blocked earlier this year over security vulnerabilities, though Apple did release a standalone malware removal tool to help clean machines that were affected by a number of Java vulnerabilities.

OS X has been targeted more in recent years as it has gained in popularity. The Janicab.A malware was discovered last month, while another program called macs.app was discovered in May. That app captured and stored screenshots.

Popular Stories

Aston Martin CarPlay Ultra Screen

Apple's CarPlay Ultra to Expand to These Vehicle Brands Later This Year

Sunday February 1, 2026 10:08 am PST by
Last year, Apple launched CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. Nearly nine months later, CarPlay Ultra is still limited to Aston Martin's latest luxury vehicles, but that should change fairly soon. In May 2025, Apple said many other vehicle brands planned to offer CarPlay Ultra, including Hyundai, Kia, and Genesis. In his Powe...
Read Full Article88 comments
iOS 26

iOS 26.3 and iOS 26.4 Will Add These New Features to Your iPhone

Tuesday February 3, 2026 7:47 am PST by
We are still waiting for the iOS 26.3 Release Candidate to come out, so the first iOS 26.4 beta is likely still at least a week or two away. Following beta testing, iOS 26.4 will likely be released to the general public in March or April. Below, we have recapped known or rumored iOS 26.3 and iOS 26.4 features so far. iOS 26.3 iPhone to Android Transfer Tool iOS 26.3 makes it easier...
Read Full Article30 comments
Apple Logo Black

Apple's Next Launch is 'Imminent'

Sunday February 1, 2026 12:31 pm PST by
The calendar has turned to February, and a new report indicates that Apple's next product launch is "imminent," in the form of new MacBook Pro models. "All signs point to an imminent launch of next-generation MacBook Pros that retain the current form factor but deliver faster chips," Bloomberg's Mark Gurman said on Sunday. "I'm told the new models — code-named J714 and J716 — are slated...
Read Full Article
Apple MacBook Pro M4 hero

New MacBook Pros Reportedly Launching Alongside macOS 26.3

Sunday February 1, 2026 5:42 am PST by
Apple is planning to launch new MacBook Pro models with M5 Pro and M5 Max chips alongside macOS 26.3, according to Bloomberg's Mark Gurman. "Apple's faster MacBook Pros are planned for the macOS 26.3 release cycle," wrote Gurman, in his Power On newsletter today. "I'm told the new models — code-named J714 and J716 — are slated for the macOS 26.3 software cycle, which runs from...
Read Full Article141 comments
iOS 26 Home Feature

Apple Gives Final Warning to Home App Users

Tuesday February 3, 2026 8:55 am PST by
In 2022, Apple introduced a new Apple Home architecture that is "more reliable and efficient," and the deadline to upgrade and avoid issues is fast approaching. In an email this week, Apple gave customers a final reminder to upgrade their Home app by February 10, 2026. Apple says users who do not upgrade may experience issues with accessories and automations, or lose access to their smart...
Read Full Article64 comments

Top Rated Comments

batchtaster Avatar
batchtaster
162 months ago
Since this is a "flaw" (to the extent it has been described) in sudo, it's not Mac-specific. Other flavors of UNIX are also affected. But it's more fun and gets more hits and attention when you call it an "OS X Vulnerability", as if it's Apple's mistake or fault and not due to an issue (if that's what it is) in one of several hundred non-Apple projects (http://www.sudo.ws).
Score: 10 Votes (Like | Disagree)
sjinsjca Avatar
sjinsjca
162 months ago
"I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.

Admin != root
Score: 8 Votes (Like | Disagree)
pdjudd Avatar
pdjudd
162 months ago
I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.
Admin and root are two different levels of access. You can do some things with root that you cannot do with admin. Root is the deepest access one can have - but it's not really the goal of most hackers. An administrator account is probably the most that an attacker really needs since they can pretty much do anything they need with that account.

So an exploit that needs admin rights access and one that rehires you to have used sudo isn't one that is high priority. The number of users that run sudo at all is really small, and from a security standpoint, if you have admin rights, all security goes out the window. In other words, you don't have security.
Score: 8 Votes (Like | Disagree)
mikethebigo Avatar
mikethebigo
162 months ago
Sudo make me a sandwich.
Score: 6 Votes (Like | Disagree)
RabidMacFan Avatar
RabidMacFan
162 months ago
You don't need to run metasploit to exploit this bug.

The following command should give you root if you are logged in to OS X as an Administrator and have used the "sudo" command at least once in the past. It will also set your system clock to 01/01/1970.

sudo -k
systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00
sudo su

To set your system clock back to normal, go into the System Preferences and set the time and time zone back to the way it was.

To prevent somebody from abusing this attack, you will need to run the following command after every time you use the sudo command, until it gets patched.
sudo -K
Score: 6 Votes (Like | Disagree)
Dalton63841 Avatar
Dalton63841
162 months ago
"For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past."

I'm not too sure why a user who already has admin access would bother using an exploit to gain admin privilege - an access level he already has.
What it is saying is that if an attacker already has access to your machine, AND you are on an administrator account, AND you have opened Terminal and used sudo, THEN they could maybe gain root access to your account.
Score: 6 Votes (Like | Disagree)
Read All Comments