Researcher unveils new privilege vulnerability in Apple's Mac OS X

ZDNet Zero Day ^ | July 22, 2015 | By Charlie Osborne

[Dr. Sivana]

Regardless of what the official pronunciation is, people say OH-ESS-ECKS all of the time. That’s a fact, just as people say Mizzuruh and Fujickle despite different pronunciations promulgated by authoritative sources.

[BlueLancer]

Oh, so THAT’S the “white privilege” that they’ve been talking about ...

[dayglored]

Oh, I knew that root is above administrative users (and that there is no user called Administrator unless you feel like making one). I think of it like this:

• Users with sudo priv can become root.
• Regular user accounts have no sudo priv.
• Administrative user accounts have sudo priv, and have certain other admin rights, but normally operate as regular users. For example, I'm an admin user on my Mac but I can't read /etc/sudoers unless I invoke sudo.
• The user "root" -- uid 0 -- can do anything that can be done. And there's only one "root" user -- admin users with sudo can change their effective uid to 0 (/etc/sudoers "%admin ALL=(ALL) ALL"), but there are not multiple "root" users.

What I meant by "What am I not understanding here?" was more like... "What's the big deal, because anyone with admin access can sudo already."

[Swordmaker]

What I meant by "What am I not understanding here?" was more like... "What's the big deal, because anyone with admin access can sudo already."

You got it. . . but in OS X one of those admin users can be first to create the ROOT user account—it's turned off by default—and give it a user name and password known only to him, at which point, any one trying to use sudo will encounter a requester demanding entry of that ROOT account name and password before it continues to do anything.

That admin who created the account can log in as the Super User and act as God of this computer and the other admins could do nothing to take back control. . . well there are ways, but drastic using the restore process if the Super User hasn't remembered to protect that file as well. This vulnerability gives them a backdoor to mount a mutiny where they can essentially change anything.

I've only run into one Mac where a user created a Super User account, an ex-Windows' user who thought he'd need it for housekeeping tasks, and then promptly forgot his fairly complex password! I had to restore the system to factory to get rid of it. Luckily he had a backup of his data files.

[Swordmaker]

Oh, as I understand it, the Super User can, if he chooses, change the Super User group to allow more than one member, but the default is currently just one.

[Lurkina.n.Learnin]

“”nukyuler,” including a particular past President who shall go W’less. That doesn’t make it correct. “

I remember a president before him that said nu-kee-er. They didn’t make much of it though, after all Jimmy Carter was sposed to be some sort of a nu-kee-er scientist or something.

[Swordmaker]

I remember a president before him that said nu-kee-er. They didn’t make much of it though, after all Jimmy Carter was sposed to be some sort of a nu-kee-er scientist or something.

I thought about mentioning our peanut farmer. . . I never could figger out how a guy like him could become a nu-kee-re scientist or enginyeer guys without a learnin' how to say the word.

[TheBattman]

So this exploit exists in Yosemite and El Capitan... yet later in the article it says the exploit has been closed in El Capitan betas.... Ummm... ok.

I’m also trying to figure out - IF I am logged in to an administrator account, someone steals my machine - what exactly can they do that isn’t already a danger with a machine logged in as an administrator? Then again OS X Yosemite and El Capitan both require administrator password to make changes to nearly everything...