If has been discovered that a un-patched Apple Mac bug which has been known for a least 5 months allows malicious attackers to gain access to Mac systems as a super user with root access.
The bug within the Mac OS X was first reported by in March as is an authentication bypass vulnerability and resides in a Unix component known as sudo.
Access can be granted to hackers by simply resetting the clock on Mac systems to January 1, 1970, which is known in the computing circles as the Unix epoch, says Ars Technica.
However is you own a Mac system don’t get to worried just yet as there are a number of criterion that need to be met before access is granted. The Ars Tecnica website explains:
“For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine. In other words: this exploit can’t be used in the kind of drive-by webpage attacks that last year infected some 650,000 Macs with the Flashback malware.”
Lets hope that Apple finds a solution for the problem and issues a patch that can stop such an attack from happening. HD Moore, the founder of the Metasploit project and the chief research officer at security firm Rapid7 explained in an interview with Ars Technica:
“The bug is significant because it allows any user-level compromise to become root, which in turn exposes things like clear-text passwords from Keychain and makes it possible for the intruder to install a permanent rootkit,”-“I believe Apple should take this more seriously but am not surprised with the slow response given their history of responding to vulnerabilities in the open source tools they package.”
Source:Filed Under: Apple, Technology News, Top News