Mac hack offers super user status by resetting the clock

Security researchers have discovered a way that hackers can gain super user access to Mac computer systems by exploiting a security flaw that has remained unpatched by Apple for the last five months. If the flaw is exploited, users can gain root access to Mac computers that they already have limited control over. This particular authentication bypass vulnerability was first reported back in March.

The flaw allowing root access is in a UNIX component called sudo. Typically, sudo requires a password before granting super user privileges, such as the ability to access the files of other users. However, the unpatched flaw in vulnerable Mac computers allows hackers to gain root access by simply resetting the computer clock.

The exploit requires the computer clock to be set to January 1, 1970. The reason that specific date is required is because it represents the beginning of time to the operating system and some applications that run on it. When the sudo command is used in combination with a clock reset, the computer can be tracked into providing root access without a password.

Making the risk even higher for Mac users is the fact that developers of the open source software framework designed specifically to streamline exploiting vulnerable computers called Metasploit have created a module making it easy to exploit the vulnerability on Mac systems. It's also worth noting that the old versions of OS X from 10.7 up to 10.8.4 are vulnerable to the exploit.

SOURCE: ArsTechnica