One of the downsides of increased attention to computer security is that whenever a new vulnerability or attack technique appears, we, the humble users, face an onslaught of hyperbole from the press, security vendors, and the bad guys themselves. This is especially true with Apple products, where we face the triple threat of security vendors trying to sell products to a disinterested community that usually doesn’t need them, a press always eager to knock Apple down a notch, and bad guys looking to build their reputations at Apple’s expense. In such a maelstrom of information it is often difficult for average users to separate the truth from the hype, evaluate their personal risk, and take defensive actions.

We watched this cycle kick into full gear during the past couple of weeks, starting with the announcement of a new Mac OS X vulnerability on 18-Jun-08 over at Slashdot. By the next day, the first reports of this vulnerability being used in exploits appeared, followed by various news stories, additional alerts from security vendors, and new exploits from the bad guys. Soon after the unpatched vulnerability was disclosed, the major Mac antivirus vendors updated their products and issued press releases to draw attention to the problem. It’s an unfortunate truth that fear and bad news are effective sales tools for security products.

The good news is that, based on the nature of the vulnerability, the risk is low – but the bad news is that this kind of attack could become more serious. As usual, Apple will need to patch this one quickly.

This particular vulnerability is what we call “local privilege escalation.” It enables a user of a system to escalate their rights to “root,” which allows full control over the system. Thus, even if you are running as a regular user or in a guest account, exploiting this vulnerability allows you to escalate your rights to run without restriction.

In this case, the Apple Remote Desktop agent (ARDAgent) uses a technique called SUID to run things as root. It’s a common programming technique on Unix systems, but one that often creates security problems. Here, ARDAgent supports AppleScript, including the command to run other programs, which then run as root. For example:

```sh
osascript -e 'tell app "ARDAgent" to do shell script "reallybadstuff"'
```

runs “reallybadstuff” as root, without asking you for your password.

When this first appeared, I wasn’t really worried. The attacker still needs to get you to run something on your system in the first place, and there are some simple things you can do to protect yourself (see Matasano Security’s excellent blog post for more technical information and how to disable the attack).

Privilege escalation attacks are typically used in two situations. The first is if someone has physical or remote access to your computer.
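As an added example (not code from the original article, nor from Apple or Matasano), the following POSIX shell script audits setuid executables and shows the defensive step for a SUID program such as ARDAgent that exposes a scripting interface: clearing its setuid bit. The ARDAgent path it checks is an assumption, not taken from the article.

```sh
#!/bin/sh
# Added example, not code from the original article or from Apple/Matasano.
# Audits setuid executables and demonstrates the mitigation for a SUID program
# that exposes a scripting interface: clearing its setuid bit.
# ASSUMPTION: the ARDAgent path below is the commonly cited Mac OS X location;
# the article itself does not give it.
ARDAGENT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

# is_setuid FILE: succeed (0) if FILE carries the setuid bit, fail (1) otherwise.
is_setuid() {
    [ -u "$1" ]
}

# list_setuid DIR: print every regular file under DIR (same filesystem only)
# that has the setuid bit set, one path per line.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# drop_setuid FILE: clear the setuid bit so the program runs with the caller's
# own privileges instead of the file owner's (root). Needs write access to FILE.
drop_setuid() {
    chmod u-s "$1"
}

# audit_ardagent: report whether the remote desktop agent is still setuid.
# Returns 0 if it is absent or already hardened, 1 if it is still setuid.
audit_ardagent() {
    if [ ! -f "$ARDAGENT" ]; then
        echo "ARDAgent not present at $ARDAGENT"
        return 0
    fi
    if is_setuid "$ARDAGENT"; then
        echo "ARDAgent is setuid; mitigate as root with: chmod u-s \"$ARDAGENT\""
        return 1
    fi
    echo "ARDAgent is not setuid"
    return 0
}

# Inventory of setuid programs under /usr, to compare against a known-good list.
echo "setuid executables under /usr:"
list_setuid /usr
audit_ardagent || true
```

Run the inventory periodically and diff it against a baseline; any new setuid binary, or one that gains a scripting or plug-in interface, deserves the same scrutiny ARDAgent got here.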