Posted on 08/03/2015 10:25:23 PM PDT by Swordmaker
For anyone who is unfamiliar with Mac Gatekeeper, here is a link explaining it...
http://www.macobserver.com/tmo/article/how-to-secure-your-mac-with-os-x-gatekeeper
Opinions vary. Mine is you should never use an admin-level account as your day-to-day login. OS X may have features that protect you from yourself if you don't, but it's still poor practice and explicitly separating admin from regular users helps enforce the point of what you're doing.
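A small posture check for the advice above, added here as an example rather than anything posted in the thread. It assumes the macOS admin group is literally named `admin` (as listed by `id -Gn`) and that `spctl --status` prints "assessments enabled" or "assessments disabled"; the Gatekeeper part only runs where `spctl` is present.

```shell
#!/bin/sh
# Added example: does the current login follow the "no admin day-to-day" advice,
# and is Gatekeeper still on? Nothing here changes system state.

# is_admin_groups GROUPS: GROUPS is a space-separated group list as printed by
# `id -Gn`. Returns 0 (true) if the macOS "admin" group is among them.
is_admin_groups() {
    for g in $1; do            # intentional word splitting
        [ "$g" = "admin" ] && return 0
    done
    return 1
}

# gatekeeper_state OUTPUT: maps the text of `spctl --status` to on/off/unknown.
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo on ;;
        *"assessments disabled"*) echo off ;;
        *)                        echo unknown ;;
    esac
}

# check_posture: print findings for the current user; returns 1 on any warning.
check_posture() {
    rc=0
    user=$(id -un)
    if is_admin_groups "$(id -Gn)"; then
        echo "WARN: $user is in the admin group; use a standard account day-to-day"
        rc=1
    else
        echo "OK: $user is a standard (non-admin) account"
    fi
    if command -v spctl >/dev/null 2>&1; then
        case "$(gatekeeper_state "$(spctl --status 2>&1)")" in
            on)  echo "OK: Gatekeeper assessments enabled" ;;
            off) echo "WARN: Gatekeeper assessments disabled"; rc=1 ;;
            *)   echo "WARN: could not read Gatekeeper status"; rc=1 ;;
        esac
    else
        echo "SKIP: spctl not found (not macOS)"
    fi
    return $rc
}
```

Run `check_posture` from a terminal; an exit status of 1 means at least one warning was printed.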
I agree with you. There are many times I would have toasted my system and had to restore from time machine were it not for file permissions while running as unprivileged.
The claim was this was a "remote" attack... It is not, except in the sense that it can be exported with a device, in which case the new machines are toast. But if it requires being downloaded by someone with high privileges who gives it permission to install and run, that doesn't qualify it as being "remote."
Thunderstrike 2 Worm can infect your Mac without detection but requires Root access
MacDailyNews, Forbes Report, August 3, 2015
"Trammell Hudson, an employee of high-tech hedge fund Two Sigma Investments, created something of a storm late last year with his Thunderstrike exploit on Apple Macs," Thomas Fox-Brewster reports for Forbes. "It was the first time anyone had demonstrated a Mac bootkit malware that launches ahead of the operating system, from the moment the PC starts, and is hidden from security tools, most of which don't delve so deep inside Macs' innards. It's probably the most surreptitious, devilish kind of malware one can get onto a PC, effectively granting an attacker total control over the computer."
"There was one major barrier to exploitation outside of labs, however: it required physical access to the target PC," Fox-Brewster reports. "But now Hudson has collaborated with self-proclaimed 'voodoo researchers' Xeno Kovah and Corey Kallenberg, Mac bootkits can now be delivered from anywhere on the planet. They could also jump between machines over infected Thunderbolt devices, creating a 'firmworm.'"
"To get that bootkit up and running, there are numerous paths a malicious hacker could take. The one the trio will show off at the Black Hat security conference in Las Vegas this week will assume the attacker already has root control over the machine. Getting to that point is not the simplest of tasks on Apple Macs, but an Oracle Java or Adobe Flash exploit would do the trick," Fox-Brewster reports. "In the video below, Hudson shows how an attack can jump from OROMs, to the BIOS, and back to the OROMs, primed to infect another Mac."
The Forbes article seems to think that achieving ROOT access is a trivial matter; it really isn't. However, a really determined hacker could conceivably find a way.
This sounds analogous to the USB malware.
It is trivial if there is a vulnerability. As I pointed out on the other thread I ran a trivial test on my system and wrote a file that I had no permission to write. I could have overwritten any file I wanted. That is probably already fixed but I don't have auto-updating.
The real point isn't whether privilege escalation is difficult or not. It is that the escalation is one extra step the hacker needs in order to completely take over. For years Windows never needed that extra step, so it was easier for hackers to take over. Now they protect most critical system stuff with UAC. But they are late to do what Unix has had for decades.
That's the extra step. But like I showed it is not impossible. My own machine has a trivial to exploit escalation vulnerability and I bought and updated it about a month ago.
You're right, it is. Any port into a computer is an access... especially if it gives access to reprogrammable chips. The Thunderstrike is especially egregious because the devices and even the adaptors that plug into it have reprogrammable chips IN THEM where the malware can be stashed!
It is trivial only if the vulnerability is exploitable. I've seen many vulnerabilities that were not exploitable or innocuous even if exploitable.
Ouch.