OSX Vulnerability Allows Hackers Superuser Access

[EChondo]

http://www.tuaw.com/2013/08/29/os-x-vulnerability-allows-superuser-access-to-hackers/
 

Another vulnerability has popped up in OS X, and this time it's not Java-related. The developers of Metasploit, a software utility that makes it easier for people to abuse vulnerabilities in OSes for security-testing purposes, have added a new Unix Sudo vulnerability to their software. As OS X runs a modified version of Unix, this means it is vulnerable. As Arstechnica reports:

"The authentication bypass vulnerability was reported in March and resides in a Unix component known as sudo. While the program is designed to require a password before granting "super user" privileges such as access to other users' files, the bug makes it possible to obtain that sensitive access by resetting the computer clock to January 1, 1970. That date is known in computing circles as the Unix epoch, and it represents the beginning of time as measured by the operating system and most of the applications that run on it. By invoking the sudo command and then resetting the date, computers can be tricked into turning over root privileges without a password."

Apple has not commented on the bug, but the company is usually pretty quick to issue a fix once it is aware of them.

Well this is a serious issue.

 

I'll give Apple a couple days to fix this, if not done in that time, then the blame is put on them.

[_ASSASSIN_]

that's what they get for stealing unix (a OS where people with NO PAY worked hard to make) and re-packaging it as their own, and are PROFITING from it

[mgsstar]

Apple will need to fix this ASAP because this can cause someones system files/programs to mess up if someone used sudo to do damaging things.

[beebskadoo]

Love watching them suffer....