Apple likes to keep its nose clean when it comes to security flaws, and prides itself on offering consumers a slightly better deal than rivals when it comes to keeping its products water-tight from potential attacks. By and large, the company manages to remain a top of any such issues, and when such time comes as they do arise, the response is usually swift and successful. However, an old, and as-yet unpatched security flaw within OS X offers intruders a route to root, so to speak, and the method, which involves playing around with certain clock and user timestamp settings, is rather alarming.
The security bug, which has been lying dormant for around six months, could potentially allow a hacker granting almost free reign of one’s computer files. The work of Metasploit, who have created a new module making it markedly easier for the issue to be exploited, means the previously low-key issue is now at the fore, and one hopes that Apple has plans to find the necessary resolution.
The bug can be exploited using a relatively simple UNIX workaround. Usually, a Mac user would put in a password to gain top-tier access to the machine’s files, but by setting the clock to Jan. 1, 1970, time restrictions limits on privileges can be readily bypassed. This will be of some concern to Mac users, and although the threat was fairly minimal up until now, Metasploit’s work will no doubt set alarm bells ringing.
H.D. Moore, founder of Metasploit, noted that the main issue with the bug is that “it allows any user-level compromise to become root, which in turn exposes things like clear-text passwords from Keychain and makes it possible for the intruder to install a permanent rootkit.”
Versions of OS X from 10.7 to 10.8.4 are affected, since there’s no password requirement on time changes, and while Linux is also susceptible, the fact that most builds offer mandatory password protection on clock changes means the threat is much less.
Moore also added that he believes Apple should take the vulnerability “more seriously,” and although the Cupertino company is yet to comment on the new findings, let’s hope something is promptly done by Apple to protect those on OS X.