OS X Vulnerability Can Give Unauthorized Users Superuser Access


According to reports, the developers of Metasploit have added an exploit for the sudo vulnerability to their software.

Metasploit is a penetration-testing framework made for IT professionals who want to discover vulnerabilities within their systems.

Here’s part of the report:

Mac users should realize that an attacker must satisfy a variety of conditions before being able to exploit this vulnerability. For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine. In other words: this exploit can’t be used in the kind of drive-by webpage attacks that last year infected some 650,000 Macs with the Flashback malware. This doesn’t mean it’s a non-issue though, since the exploit can be used in concert with other attacks to magnify the damage they can do.

That’s interesting, but it seems that several conditions must be met.

