View Single Post
Luca
ಠ_ರೃ
 
Join Date: May 2004
Location: Minnesota
 
2008-06-22, 19:48

There was a big discussion of this over at MacNN and I realized some people here might be interested to learn about this. I know, I'm a Windows user, but I'm not doing this to troll Mac users or anything... I shouldn't be one to talk anyway, right? Basically I figure some of the more security-aware people here will want to know about the exploit so they can protect themselves.

http://it.slashdot.org/it/08/06/18/1919224.shtml

It appears as though entering a simple command in Terminal will grant any user root access, and this vulnerability affects fresh OS X installations right out of the box. It's also primarily a local vulnerability, so it's not as bad as it sounds, but there are ways to execute it remotely if the computer's owner has turned on SSH or remote desktop.

Also, according to the guy who posted it at MacNN (link), it's been part of OS X for about four years. He claims to have reported it to Apple several times, and each time they've ignored it. I just hope this isn't something like iChat and Mail never hiding at startup or hard drive capacities under the icons never updating - bugs that have been swept under the rug for years (in some cases, nearly a decade). Unlike those, this one is a real security threat that Apple needs to deal with. Like the guy at MacNN, I hope it going public persuades Apple to fix it, but you never know.
  quote