Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Hidden backdoor API to root privileges in Apple OS X

Hidden backdoor API to root privileges in Apple OS X


A security researcher has found that the Admin framework in Apple OS X contains a hidden backdoor API to root privileges. As per the researcher, the flaw has been there for several years but has been detected in October 2014 and it can be exploited to escalate privileges to root from any user account in the system. The intention was probably to serve the “System Preferences” app and systemsetup (command-line tool), but any user process can use the same functionality. Apple has now released OS X 10.10.3 where the issue is resolved. OS X 10.9.x and older remain vulnerable, since Apple decided not to patch these versions. Users are recommended to upgrade to 10.10.3.
 
Read More:
 
Source:
 
Hacker News
 
Ars Technica
 
Team Cymru
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
 
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis