Apple
SecureMac Security Bulletin
Posted: December 17th, 2008
Security Risk: Critical
Halloween marked the one-year anniversary since the DNSChanger Trojan Horse was discovered in the wild, and in that time it has grown to become the single most widespread piece of malware on OS X. In order to promote safe web browsing, SecureMac has issued a bulletin on the DNSChanger Trojan Horse, with information on common symptoms of infection, ways to check for and remove the Trojan, and a list of safe practices when surfing the web.
Symptoms of Infection by DNSChanger Trojan Horse
Website …
December 17, 2008
10.4 Tiger
Mac OS X FileVault Security Advisory
Advisory Title: FileVault Leaves Unencrypted Home Data Behind
Release Date: 2003 November 6
Fix Date: Mac OS X 10.4 (May 2005)
Affected Product: Mac OS X 10.3 Build 7B85
Impact: Unencrypted Data Left Behind
Where: Local System
Author: CodeSamurai (codesamurai@mac.com)
Update (Mac OS X 10.4): With the release of Mac OS X 10.4 (Tiger), Apple has included a fix for this in the FileVault enabling process. When the user goes to enable FileVault on their user account in System Preferences, one of the sheets will now have a “Use secure erase” checkbox. …
November 6, 2003
10.2 Jaguar
Advisory Title: USB Keyboard Init Crash -> Root Access
Release Date: 2003 October 31
Affected Products: Mac OS X 10.2.7 and prior (possibly 10.2.8)
Severity: Moderate
Impact: Root Access
Where: Local System
Author: Jason Storm (jms@lasergun.org)
VULNERABILITY
With access to a USB keyboard connected to a computer running Mac OS X 10.2.7 and prior (and possibly 10.2.8), the user can hold down control-c during startup and be dropped to a root shell prompt with full administrative control, because init crashes.
init will crash within three minutes into the boot process and will drop you into a root shell. With …
October 11, 2003
10.3 Panther
Affected Product: Mac OS X 10.3 Build 7B85
Severity: Low
Impact: Security Bypass
Where: Local System
Author: CodeSamurai (codesamurai@mac.com)
VULNERABILITY
With access to the keyboard, an unauthorized user can access the currently active screen-locked user environment. However, the window of time in which key events get through is relatively small; completing complicated operations at the keyboard has proven highly tedious in actual practice thus far.
EXPLOIT
With the screen effect active, keys pressed before the authentication window appears will be sent to the general user environment.
PRACTICAL TESTS
Tested Examples:
An open word …
October 4, 2003
10.2 Jaguar
Security Issue: Mac OS X Screensaver Password Protection Bug
Systems Vulnerable: Mac OS X 10.2.6 and prior
Date Fixed: TBA
Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump, so the user is not required to enter a legitimate username and password.
When password protection is enabled on the Mac OS X screensaver, users are required to authenticate before leaving the screensaver to gain access to the desktop again. Delfim Machado notified Apple that he had learned of a bug that caused the screensaver to exit without properly …
July 7, 2003
10.2 Jaguar
Unpatched computers running Mac OS X prior to 10.2.4 contain a vulnerability in TruBlueEnvironment that can be exploited to create files that run at elevated privileges. Included is the security advisory covering the issue, discovered by @Stake’s Dave.
Those unable to update can change the permissions of the vulnerable files to the admin group:
sudo chown .admin /System/Library/CoreServices/Classic\ Startup.app/Contents/Resources/TruBlueEnvironment
sudo chmod 4750 /System/Library/CoreServices/Classic\ Startup.app/Contents/Resources/TruBlueEnvironment
Security Advisory
Advisory Name: TruBlueEnvironment Privilege Escalation Attack
Release Date: 02/14/2003
Application: TruBlueEnvironment
Platform: MacOS X (10.2.3 and below)
Severity: Local users can gain root privileges
Author: Dave G.
Vendor …
February 11, 2003
Mac OS X
Resolution
The issue described below was addressed and resolved by Apple on July 12th, 2002 by adding checksums to downloads. Update to the current version of Mac OS X via Software Update or visit AppleCare Document 75304.
Information
Anonymous writes “I have recently been forwarded a mail from a reliable source which highlights a possible security issue with Software Update. I have not tested it myself, but both the source of the mail and the person who forwarded it are reliable and have always helped me to keep up to date with a …
July 6, 2002
Mac OS X
About Cisco VPN Client
The Cisco VPN (Virtual Private Network) Client establishes an encrypted tunnel between a local system and a Cisco VPN Concentrator. The tunnel provides confidentiality and integrity for the data in transit, allowing a user on the local system to securely connect to a corporate network via a public, possibly untrusted network.
Information
Cisco’s VPN Client for Mac OS X, Linux and Solaris contains a security vulnerability which results in administrative privileges via an exploit. The Virtual Private Network (VPN) client allows for the non-Windows platform to function over a …
June 4, 2002
Mac Classic
Published: 5.07.2002
Fixed: Mac OS X 10.1.4
Affected OS: Mac OS X 10.1.3 and prior
Information
The problem lies in the file /usr/sbin/sliplogin (sliplogin) bundled with versions of Mac OS X prior to 10.1.4, and is due to the permissions defined on it and a buffer overflow. A non-administrative user who overflows the program gains the permissions of the root user and can take control of the system. This issue has been taken care of in the 10.1.4 system security update; if you have not yet updated, do so now.
A Unix-style exploit for the Macintosh! This is …
May 7, 2002
Mac Classic
Today it was discovered in Mac OS X 10.1.4 (Not tested with prior versions yet) with multiple users
I have stumbled across a rather large security hole when AppleSharing between a Mac OS 9.2.2 box and a Mac OS X box running v.10.1.4.
If a Mac OS X 10.1.4 box contains multiple user or administrator accounts, their home directories as well as access to some shared folders with permissions for only one specific account can be broken into via AppleShare.
The trick is simple. This can be done on any administrator account on …
May 4, 2002
Mac OS X
The folks at BSD-H have found a flaw that offers anyone in the admin group the ability to achieve root access via sudo. For those of you new to Mac OS X and the whole Unix environment, do not get frustrated: this article will enlighten you about sudo and what steps you need to take to fix the security issue.
The Flaw
Dubbed ‘RootX’ when this exploit is compiled, the program communicates with a sudo feature to give root to any admin under Mac OS X. Sudo means ‘do this command as …
February 7, 2002
Mac Classic
Fix: Use the Software Update feature in Mac OS X to resolve the WebDAV security issues.
Security Advisory: Apple’s Mac OS X iDisk WebDAV vulnerability
Open Door Networks recently discovered that Apple’s iDisk under Mac OS X 10.1 wasn’t properly written to WebDAV standards. They said in Mac OS X 10.1 your iDisk is usually accessed using the WebDAV protocol rather than the Apple Filing Protocol (AFP) used previously. Like AFP, WebDAV is supposed to not send your password over the Internet, so in that respect it should be as …
October 6, 2001