{"id":8004,"date":"2015-04-10T10:00:24","date_gmt":"2015-04-10T14:00:24","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8004"},"modified":"2015-04-10T10:00:24","modified_gmt":"2015-04-10T14:00:24","slug":"latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/10\/latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root\/","title":{"rendered":"Latest version of OS X closes Backdoor-like bug that gives attackers root"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/arstechnica.com\/security\/2015\/04\/latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root\/\"><img data-recalc-dims=\"1\" height=\"425\" width=\"640\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=640%2C425\" alt=\"\" \/><\/a><\/p>\n<p>For at least four years, a bug in Apple&#8217;s OS X gave untrusted users\u2014and possibly remote hackers with only limited control of their target\u2014unfettered &#8220;root&#8221; privileges over Macs.<\/p>\n<p>The vulnerability is being called a &#8220;hidden backdoor&#8221; by Emil Kvarnhammar, the security researcher who discovered the bug and privately reported it to Apple. It&#8217;s probably more accurate to describe it the equivalent of an unpublished programming interface that allowed users with admin or even lower-level standard privileges to gain root. The privilege escalation flaw was fixed in a massive security update Apple released Wednesday for the 10.10, aka Yosemite, version of OS X. Macs running versions 10.9 or earlier remain vulnerable.<\/p>\n<p>&#8220;The Admin framework in Apple OS X contained a hidden backdoor API to root access for several years (at least since 2011, when 10.7 was released),&#8221; Kvarnhammar wrote in a blog post published Thursday. &#8220;The intention was probably to serve the &#8216;System Preferences&#8217; app and systemsetup (command-line tool), but there is no access restriction. This means the API is accessible (through XPC) from any user process in the system.&#8221;<\/p>\n<p>To fully exploit the bug, attackers would need physical access to the targeted Mac. But the escalation vulnerability could potentially be exploited remotely in combination with other attacks, for instance, one that&#8217;s able to compromise a browser and break out of its security sandbox but doesn&#8217;t have privileged access to operating system resources. Exploits might also be useful against machines running server versions of OS X.<\/p>\n<p>When Kvarnhammar first discovered the bug last October, he found he could exploit it to gain root privileges from the rights normally granted only to admin accounts. The researcher continued to experiment with the flaw until he found a way to elevate privileges even from standard OS X accounts, which give users considerably less control. To Kvarnhammar&#8217;s amazement, he was able to expand the attack by sending a what&#8217;s known as a &#8220;nil&#8221; to the OS X mechanism that performs the elevation authorization. A nil is a zero-like value in the Objective C programming language that represents a non-existent object.<\/p>\n<p>&#8220;It seems like the authorization checks are made by triggering callback functions on the auth-object supplied,&#8221; Kvarnhammar wrote. &#8220;For those of you who are not Objective-C programmers: Guess what happens if you call methods on a null reference\u2013or to use Objective-C language, send a message to nil? Nothing! :)&#8221;<\/p>\n<p>via <a href=\"http:\/\/arstechnica.com\/security\/2015\/04\/latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root\/\" target=\"_blank\">Latest version of OS X closes Backdoor-like bug that gives attackers root | Ars Technica<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For at least four years, a bug in Apple&#8217;s OS X gave untrusted users\u2014and possibly remote hackers with only limited [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[2,9,10],"tags":[455,785,1177],"class_list":["post-8004","post","type-post","status-publish","format-standard","hentry","category-apple","category-software","category-technology","tag-hacking","tag-os-x","tag-vulnerabilities"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-256","jetpack-related-posts":[{"id":5757,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/13\/dailytech-apple-reveals-os-x-yosemite-gives-it-a-fresh-coat-of-paint\/","url_meta":{"origin":8004,"position":0},"title":"DailyTech &#8211; Apple Reveals OS X &#8220;Yosemite&#8221;, Gives it a Fresh Coat of Paint","author":"NCCT","date":"June 13, 2014","format":false,"excerpt":"Apple's PC operating system gets an iOS 7-style makeover OS X is Apple\u2019s premiere desktop operating system, and it\u2019s getting a big update with OS X 10.10 \u201cYosemite\u201d. The \u201cflat\u201d user interface that was first introduced with iOS 7 has been deftly transferred to OS X. So for people that\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6466,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/09\/24\/apple-releases-icloud-drive-for-windows-mac-users-have-to-wait-until-yosemite-is-out\/","url_meta":{"origin":8004,"position":1},"title":"Apple releases iCloud Drive for Windows, Mac users have to wait until Yosemite is out","author":"NCCT","date":"September 24, 2014","format":false,"excerpt":"Apple started rolling a revamped version of iCloud this week with the arrival of iOS 8. Dubbed iCloud Drive, the cloud storage service is now more akin to Dropbox and Google Drive in that you can actually access and store stuff through a file system. But while iPhone users who\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5902,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/09\/so-long-truecrypt-5-alternative-encryption-tools-that-can-lock-down-your-data\/","url_meta":{"origin":8004,"position":2},"title":"So long, TrueCrypt: 5 alternative encryption tools that can lock down your data","author":"NCCT","date":"July 9, 2014","format":false,"excerpt":"Open-source legend TrueCrypt may be gone, but the usefulness of full disk encryption carries on. So what's a crypto fan to do now for their encryption needs? Well, you could continue to use older versions of TrueCrypt if you already have it installed. While the security community was shocked earlier\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6106,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/30\/13-things-os-x-yosemite-beta-testers-need-to-know\/","url_meta":{"origin":8004,"position":3},"title":"13 things OS X Yosemite beta testers need to know","author":"NCCT","date":"July 30, 2014","format":false,"excerpt":"For the first time since the OS X beta test of 2000, Apple is allowing Mac users to test and provide feedback on a prerelease version of OS X. The first 1 million people to sign up for the beta program through Apple\u2019s Web page\u2014which crashed under heavy traffic on\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8859,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/03\/07\/following-a-public-outcry-amazon-will-reinstate-encryption-on-its-fire-devices-this-spring\/","url_meta":{"origin":8004,"position":4},"title":"Following a public outcry, Amazon will reinstate encryption on its Fire devices this spring","author":"NCCT","date":"March 7, 2016","format":false,"excerpt":"By Rob Thubron | TechSpot There are rare occasions when a consumer outcry can cause a company to reverse an unpopular decision it has made, and it seems Amazon is the latest firm to bow to public pressure. Only one day after an update removed local encryption in its Fire\u2026","rel":"","context":"In &quot;Hardware&quot;","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8744,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/11\/8744\/","url_meta":{"origin":8004,"position":5},"title":"Chrome to drop support for Windows XP, Windows Vista, and older Mac OS X versions in 2016","author":"NCCT","date":"November 11, 2015","format":false,"excerpt":"By Ian Ginos | Neowin Google Chrome, by some estimates the world's third most popular desktop web browser, will cease to support older versions of Microsoft's Windows and Apple's OS X operating systems. In a recent blog post, Google announced that it intends to discontinue support for Chrome on Windows\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8004"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8004\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}