Researchers have made it easier to exploit a five-month-old security flaw that allows penetration testers and less-ethical hackers to gain nearly unfettered "root" access to Macs over which they already have limited control.
The authentication bypass vulnerability was reported in March and resides in a Unix component known as sudo. While the program is designed to require a password before granting "super user" privileges such as access to other users' files, the bug makes it possible to obtain that sensitive access by resetting the computer clock to January 1, 1970. That date is known in computing circles as the Unix epoch, and it represents the beginning of time as measured by the operating system and most of the applications that run on it. By invoking the sudo command and then resetting the date, computers can be tricked into turning over root privileges without a password.
Developers of Metasploit, an open-source software framework that streamlines the exploitation of vulnerabilities in a wide array of operating systems and applications, recently added a module that makes it easier to exploit the sudo vulnerability on Macs. The addition capitalizes on the fact that all versions of OS X from 10.7 through the current 10.8.4 remain vulnerable. While the bug also affected many Linux distributions, most of those require a root password to change the computer clock. Macs impose no such restrictions on clock changes, thanks to the systemsetup binary.