Mac security under renewed question

Heise Security has confirmed the effectiveness of a privilege escalation exploit for Mac OS X. Mounting a maliciously formed HFS disk image file gives the user root privileges.

The exploit is one of several revealed at last month’s CanSecWest 2009 conference by Christer Oberg and Neil Kettle. It could be used by someone who has legitimate access to a system with normal user privileges to carry out unauthorised activities that require admin rights.

The vulnerability is said to be present in all versions of Mac OS X from 10.4.0 onwards, including the Snow Leopard betas. Other Mac OS X vulnerabilities disclosed by Oberg and Kettle involve kernel memory leaks and/or denial of service conditions.


