iTWire - InputManager provides route to root for Mac attackers

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

InputManager provides route to root for Mac attackers

E-mail

by Stephen Withers
Wednesday, 24 January 2007
The third week of the Month of Apple Bugs has kicked off with a vulnerability that "makes every 'denial of service issue' leading to a so-called 'crash' usable for escalating privileges." Featured Whitepaper 5 Best Practices for Smartphone Support The sample exploit installs a InputManager in the user's Library folder, then causes it to be executed by UserNotificationCenter, a piece of software that runs with 'wheel' privileges (roughly equivalent to admin) and provides a mechanism for programs without user interfaces to interact with the user. The InputManager then replaces installAssistant (part of System Preferences) with a shell wrapper giving root access, then makes it executable again by repairing privileges. The attacker is then able to run this program to operate with root privileges. The exploit can also be triggered by kernel panics caused by corrupted font or disk image files. As it stands, this appears to be a local vulnerability, but that's still an issue in shared environments as it could be used by someone with a ordinary user account to make unauthorised changes to the system or to gain access to other users' files. The suggested workaround is to limit user's access to their InputManagers folder and prevent permissions repair.{moscomment} Tags See All Tags Apple Macintosh Malware Security Software Stephen Withers Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.