{"id":8004,"date":"2015-04-10T10:00:24","date_gmt":"2015-04-10T14:00:24","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8004"},"modified":"2015-04-10T10:00:24","modified_gmt":"2015-04-10T14:00:24","slug":"latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/10\/latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root\/","title":{"rendered":"Latest version of OS X closes Backdoor-like bug that gives attackers root"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/arstechnica.com\/security\/2015\/04\/latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root\/\"><img data-recalc-dims=\"1\" height=\"425\" width=\"640\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=640%2C425\" alt=\"\" \/><\/a><\/p>\n<p>For at least four years, a bug in Apple&#8217;s OS X gave untrusted users\u2014and possibly remote hackers with only limited control of their target\u2014unfettered &#8220;root&#8221; privileges over Macs.<\/p>\n<p>The vulnerability is being called a &#8220;hidden backdoor&#8221; by Emil Kvarnhammar, the security researcher who discovered the bug and privately reported it to Apple. It&#8217;s probably more accurate to describe it the equivalent of an unpublished programming interface that allowed users with admin or even lower-level standard privileges to gain root. The privilege escalation flaw was fixed in a massive security update Apple released Wednesday for the 10.10, aka Yosemite, version of OS X. Macs running versions 10.9 or earlier remain vulnerable.<\/p>\n<p>&#8220;The Admin framework in Apple OS X contained a hidden backdoor API to root access for several years (at least since 2011, when 10.7 was released),&#8221; Kvarnhammar wrote in a blog post published Thursday. &#8220;The intention was probably to serve the &#8216;System Preferences&#8217; app and systemsetup (command-line tool), but there is no access restriction. This means the API is accessible (through XPC) from any user process in the system.&#8221;<\/p>\n<p>To fully exploit the bug, attackers would need physical access to the targeted Mac. But the escalation vulnerability could potentially be exploited remotely in combination with other attacks, for instance, one that&#8217;s able to compromise a browser and break out of its security sandbox but doesn&#8217;t have privileged access to operating system resources. Exploits might also be useful against machines running server versions of OS X.<\/p>\n<p>When Kvarnhammar first discovered the bug last October, he found he could exploit it to gain root privileges from the rights normally granted only to admin accounts. The researcher continued to experiment with the flaw until he found a way to elevate privileges even from standard OS X accounts, which give users considerably less control. To Kvarnhammar&#8217;s amazement, he was able to expand the attack by sending a what&#8217;s known as a &#8220;nil&#8221; to the OS X mechanism that performs the elevation authorization. A nil is a zero-like value in the Objective C programming language that represents a non-existent object.<\/p>\n<p>&#8220;It seems like the authorization checks are made by triggering callback functions on the auth-object supplied,&#8221; Kvarnhammar wrote. &#8220;For those of you who are not Objective-C programmers: Guess what happens if you call methods on a null reference\u2013or to use Objective-C language, send a message to nil? Nothing! :)&#8221;<\/p>\n<p>via <a href=\"http:\/\/arstechnica.com\/security\/2015\/04\/latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root\/\" target=\"_blank\">Latest version of OS X closes Backdoor-like bug that gives attackers root | Ars Technica<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For at least four years, a bug in Apple&#8217;s OS X gave untrusted users\u2014and possibly remote hackers with only limited [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2,9,10],"tags":[455,785,1177],"class_list":["post-8004","post","type-post","status-publish","format-standard","hentry","category-apple","category-software","category-technology","tag-hacking","tag-os-x","tag-vulnerabilities"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-256","jetpack-related-posts":[{"id":9430,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/11\/05\/the-prosecco-experience-this-week-in-tech-691\/","url_meta":{"origin":8004,"position":0},"title":"The Prosecco Experience &#8211; This Week in Tech 691","author":"NCCT","date":"November 5, 2018","format":false,"excerpt":"https:\/\/youtu.be\/9Pm9vDm1-sg Apple\u2019s new Macs and iPads, CIA\u2019s not-so-secret websites, Twitter voter suppression, and more. -- Apple announces new MacBook Air and Mac Mini, then blows them both away with its new iPad Pro. -- Apple will no longer tell us how many iPhones it sells. -- How to kill an\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/9Pm9vDm1-sg\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9452,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/11\/19\/internal-bug-discovery-security-now-693\/","url_meta":{"origin":8004,"position":1},"title":"Internal Bug Discovery &#8211; Security Now 693","author":"NCCT","date":"November 19, 2018","format":false,"excerpt":"https:\/\/youtu.be\/ClVI9PMQGCY Australia vs Encryption, Google+ Bugs Hasten its Demise -- Australia's recently passed anti-encryption legislation -- Details of a couple more mega-breaches including a bit of Marriott follow-up -- A welcome call for legislation from Microsoft -- A new twist on online advertising click fraud -- The DHS is interested\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ClVI9PMQGCY\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9655,"url":"https:\/\/nccomputertech.com\/techtalk\/2021\/03\/09\/fuquay-varina-and-holly-springs-computer-repair\/","url_meta":{"origin":8004,"position":2},"title":"Fuquay Varina and Holly Springs Computer Repair","author":"NCCT","date":"March 9, 2021","format":false,"excerpt":"Welcome to our blog. NC Computer Tech services Fuquay Varina, Holly Springs, and surrounding NC areas. We offer prompt, professional, courteous service with over twenty years of experience dealing with residential and small business clients offering them solutions and fixing their computer and network issues at reasonable rates. Our services\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9910,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/02\/11\/slap-and-flop-siri-ios-18-3-update-apple-music\/","url_meta":{"origin":8004,"position":3},"title":"Slap and Flop &#8211; Siri, iOS 18.3 Update, Apple Music","author":"NCCT","date":"February 11, 2025","format":false,"excerpt":"https:\/\/youtu.be\/Xwqi58VczQ4 What's going on with Siri? iOS 18.3 update is out now, along with a fix to a zero-day flaw. You can buy iPhones on eBay with TikTok installed on them as TikTok is still not available for download on the App Store. And on January 27th, 2010, Steve Jobs\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/Xwqi58VczQ4\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9293,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/01\/29\/this-week-in-tech-651-occupy-fiber\/","url_meta":{"origin":8004,"position":4},"title":"This Week in Tech 651: Occupy Fiber","author":"NCCT","date":"January 29, 2018","format":false,"excerpt":"https:\/\/youtu.be\/gdKJ49zG7D0 Elon Musk's great ideas: Tesla, SpaceX, flamethrowers. Apple HomePod arrives next week. Google Clips camera is not at all creepy, we swear. Nobody won the Lunar X Prize. Amazon Go officially opens. Montana, New York, AT&T, John Deere, and Burger King take up the Net Neutrality battle. Intel's Spectre\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/gdKJ49zG7D0\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9385,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/07\/23\/this-week-in-tech-676-falling-asleep-as-the-robots-wake-up\/","url_meta":{"origin":8004,"position":5},"title":"This Week in Tech 676: Falling Asleep as the Robots Wake Up","author":"NCCT","date":"July 23, 2018","format":false,"excerpt":"https:\/\/youtu.be\/uV5cQYtuJjU This Week in Tech - The future is flying cars! (Or not-flying cars, perhaps holes in the ground.) - Apple's new MacBooks suffering from thermal throttling - is it the end for Intel? - Google hit with $5 billion fine by EU for Android shenanigans. - Will Fuschia be\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/uV5cQYtuJjU\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8004"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8004\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}