Researcher unveils new privilege vulnerability in Apple's Mac OS X

ZDNet Zero Day ^ | July 22, 2015 | By Charlie Osborne

[Swordmaker]

A new vulnerability, already fixed in the new OS X.11 El Capitan, still exists in OS X.10.4 and the seeded OS X.10.5 Yosemite that allows user privilege escalation. There are no exploits in the wild yet, and if there are it requires physical possession of the target computer and Administrative access. Pretty much of a non-issue for most Mac users. — PING!

Apple Mac OS X Security Alert Ping!

If you want on or off the Mac Ping List, Freepmail me.

[dayglored]

> it requires physical possession of the target computer and Administrative access.

Okay, I'm stupid. I MUST be stupid because:

1. Physical possession of a computer is GAME OVER for all computers. Period. That's common knowledge.

2. Requires Administrative access, and THEN it "allows user privilege escalation"... you don't need an additional vuln. What am I not understanding here?

If you already have Admin access, you can do anything you want on the computer including give other normal users admin privilege.

Where's the story here?

[dayglored]

Help on version designations.

> till exists in OS X.10.4 and the seeded OS X.10.5 Yosemite

Don't you mean "OS X 10.10.4 and ... OS X 10.10.5 Yosemite"?

[PA Engineer]

Where's the story here?

I think it applies to the usual suspects.

Those that have a printed copy of the admin password under their desk blotter.

[Swordmaker]

Don't you mean "OS X 10.10.4 and ... OS X 10.10.5 Yosemite"?

Nope. OS X 10.10.4 etc. is redundant. The name of Apple's operating system for the Mac is pronounced "OS Ten" the X is "ten", as in Roman numeral Ten. It's also a visual pun on UniX and NeXT.

• El Capitan will be OS X.11
• Yosemite is OS X.10
• Mavericks was OS X.9
• Mountain Lion was OS X.8
• Lion was OS X.7
• Snow Leopard was OS X.6
• Leopard was OS X.5
• Tiger was OS X.4
• Panther was OS X.3
• Jaguar was OS X.2
• Puma was OS X.1
• Cheetah was OS X

That are all called OS X, OS "TEN". . . but, it's never pronounced OS "EKS".

[Swordmaker]

Requires Administrative access, and THEN it "allows user privilege escalation"... you don't need an additional vuln. What am I not understanding here?

If you already have Admin access, you can do anything you want on the computer including give other normal users admin privilege.

What you're missing is that on a Mac, the Administrator account is not the highest level access. While I t's still limited, requiring name and password to do things and some things are still prohibited, the ROOT user is above Administrator level.

This vulnerability allows an admin to escalate his privileges by being able to open and write to ROOT-access-only files with impunity, regardless of what permissions are set on those files. That includes the files establishing who has access to what files, including ROOT files and who is a ROOT user! Privilege escalation from Admin to ROOT! Of course, on a Mac, the original Admin can create the first ROOT user and establish the ROOT password, so again, for most Mac users, this vulnerability is moot, because they could already do what it gives them the ability to do.

For some very limited number of Macs (I have trouble thinking of any, but it's possible) where an owner, who is the only one who knows the ROOT user name and password, has given admin privileges to one or two admins and some other users have only standard privileges, it might be a threat if one of the admins is too trustworthy. The it's an Oops!

[Dr. Sivana]

That are all called OS X, OS "TEN". . . but, it's never pronounced OS "EKS".

It may not be an approved pronunciation, but I guarantee you that it is pronounced OH-ESS-EKS all of the time!

[Moltke]

That’s certainly what Malcom Ten calls it!

[IncPen]

Democrats ask, “Is this white privilege?”

[mad_as_he$$]

Another sign of a cult. Inventing your own secret language.

[Swordmaker]

It may not be an approved pronunciation, but I guarantee you that it is pronounced OH-ESS-EKS all of the time!

Not that I have heard. . . and that is not what Apple calls it. They've specifically use OS TEN in every comment they've spoken aloud about it. Only those who don't know use the wrong pronunciation. Even the numbering system is explained that way. It followed MacOS 9.

Steve Jobs announced it as OS TEN and never ever called it OS EKS.

[Swordmaker]

Another sign of a cult. Inventing your own secret language.

Tell that to the Romans.

[mad_as_he$$]

You mean the few that survived the demise of their cult? If I can find one I will.

[Swordmaker]

OS X ( /oʊ ˌɛs ˈtɛn/), formerly Mac OS X, is a series of Unix-based graphical interface operating systems developed, marketed, and sold by Apple Inc. OS X is designed to run exclusively on Macintosh computers, having been pre-loaded on all Macs since 2002. OS X, whose X is the Roman numeral for 10 and is a prominent part of its brand identity, is built on technologies developed at NeXT between the second half of the 1980s and Apple's purchase of the company in late 1996. It was the successor to Mac OS 9, released in 1999, the final release of the "classic" Mac OS, which had been Apple's primary operating system since 1984. Apple also uses 'X' in 'OS X' to emphasize the relatedness between OS X and UNIX. Definition of OS X from FreeBase

You can also just ask your Mac. Open the Terminal App and type "Say OS X" and it will respond: "OS TEN". That's pretty definitive.

[Dr. Sivana]

Regardless of what the official pronunciation is, people say OH-ESS-ECKS all of the time. That’s a fact, just as people say Mizzuruh and Fujickle despite different pronunciations promulgated by authoritative sources.

[Dr. Sivana]

Regardless of what the official pronunciation is, people say OH-ESS-ECKS all of the time. That’s a fact, just as people say Mizzuruh and Fujickle despite different pronunciations promulgated by authoritative sources.

[Swordmaker]

Regardless of what the official pronunciation is, people say OH-ESS-ECKS all of the time. That’s a fact, just as people say Mizzuruh and Fujickle despite different pronunciations promulgated by authoritative sources.

And some people pronounce nuclear, "nukyuler," including a particular past President who shall go W'less. That doesn't make it correct.

Ignorance is it's own punishment. Thank God it's curable.

[sargon]

(This vulnerability requires physical possession of the computer, and local Administrator access. It cannot be accomplished remotely or by a standard user. — Swordmaker)

Well then, that's a tempest in a teapot...

[Swordmaker]

Well then, that's a tempest in a teapot...

Most of these are. . . and this one is particularly more of a tempest in a teacup, because anyone who has Admin privileges generally has the ability to create a ROOT user and password. It would be a very rare instance where they would not on a Mac. I can think of some instances where that MIGHT occur, but they'd be very rare on a single Mac. Usually anyone granted Admin privileges would have that ability. . . or they'd not even be trusted with Admin. Any other situations would be on networked Macs, and then it's highly unlikely that any single Mac user would have Admin privileges. Those would be with the Network Admin who'd also have ROOT access. This just is such a rara avis to be anything but only of interest to system programers because it DOES need to be plugged up.