For at least four years, a bug in Apple's OS X gave untrusted users—and possibly remote hackers with only limited control of their target—unfettered "root" privileges over Macs.
The vulnerability is being called a "hidden backdoor" by Emil Kvarnhammar, the security researcher who discovered the bug and privately reported it to Apple. It's probably more accurate to describe it the equivalent of an unpublished programming interface that allowed users with admin or even lower-level standard privileges to gain root. The privilege escalation flaw was fixed in a massive security update Apple released Wednesday for the 10.10, aka Yosemite, version of OS X. Macs running versions 10.9 or earlier remain vulnerable.
"The Admin framework in Apple OS X contained a hidden backdoor API to root access for several years (at least since 2011, when 10.7 was released)," Kvarnhammar wrote in a blog post published Thursday. "The intention was probably to serve the 'System Preferences' app and systemsetup (command-line tool), but there is no access restriction. This means the API is accessible (through XPC) from any user process in the system."
Read 3 remaining paragraphs | Comments