Root Exploit For Mac Os X


Recommended Posts

15 April 2009, 17:46

Root exploit for Mac OS X

Several exploits for Apple's Mac OS X operating system are in circulation which have not yet been patched. In a short test carried out by the heise Security editorial team, one of the exploits allowed a Mac OS X 10.5.6 user with normal privileges to obtain root privileges. The problem is triggered when mounting malformed HFS disk images. The exploit consists of a shell script and some source code written in C. The C code generates the disk image which, when mounted, provokes the flaw that allows execution of code at root level.

The other exploits target vulnerabilities in kernel system calls (CTL_VFS, SYS___mac_getfsstat and SYS_add_profil) which allow logged-in users to crash a system. Parts of the kernel memory may also be vulnerable to spying. Another exploit for a hole in AppleTalk reportedly allows attackers to remotely provoke a buffer overflow. However, this vulnerability doesn't seem to allow code injection.

It remains unknown whether Apple has been informed of these problems. On his digit-labs.org website, the author of the exploits writes that he already publicly demonstrated the exploits at the recent CanSecWest 2009 security conference. Until Apple has released an update to solve the problems, users are advised not to mount disk images originating from unknown sources.

Heise security - http://www.h-online.com/security/Root-expl...X--/news/113075

>>>>>>>>>>>>>>>>>>

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...