• Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager

    Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily...

  • miniLock - Open Source File Encryption Tool from CryptoCat Developer

    It’s the age of surveillance what made the Use of Encryption so widely that it has become a need of law enforcement agencies, cyber criminals as...

  • A BEGINNERS GUIDE TO HACKING UNIX

      *************  *       A BEGINNERS GUIDE TO:        *  *        ...

  • CASH! CASH! Hacking ATM Machines with Just a Text Message

    As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world’s 3 million...

  • Microsoft Word Zero-Day Vulnerability is being exploited in the Wild

    Microsoft warned about a zero-day vulnerability in Microsoft Word that is being actively exploited in targeted attacks and discovered by the...

  • Snoopy Drone Can Hack Your Smartphones

    The use of unmanned aerial vehicles (UAVS) called Drones is rapidly transforming the way we go to war. Drones were once used for...

  • Android Privilege Escalation Flaws leave Billions of Devices vulnerable to Malware Infection

    Android - a widely used Smartphone platform offered by Google is once again suspected to affect its users with malicious software that puts...

  • Introduction to Netcat

    Introduction : So I was messing around on the internet and came across a tool called Netcat.  I've been messing with it for a couple of...

  • Google Nexus phone vulnerable to SMS-based DOS attack

    Google’s Nexus Smartphones are vulnerable to SMS-based DOS attack, where an attacker can force it to restart, freeze, or lose network...

  • Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

    A Symantec researcher has discovered a new Linux worm, targeting machine-to-machine devices, and exploits a PHP vulnerability...

Thursday, 5 September 2013

Apple Mac OS X Vulnerability enables root user to HACKERS by resetting the clock

Do you think, because you’re using an Apple Mac, your data is safe from hackers ? Well, it is not true, there are dozens of security weaknesses and today Researchers have made it easier to exploit Apple Mac OS X, that allows penetration testers and hackers to gain root access.



The flaw remained unmatched by Apple for the last five months, dubbed CVE-2013-1775, the flaw allowed attackers to bypass normal password authentication procedures by resetting the computer clock to January 1, 1970.
The reason that specific date is required is because it represents the beginning of time to the operating system and some applications that run on it. When the SUDO command is used in combination with a clock reset, the computer can be tracked into providing root access without a password.

Metasploit authors have come up with a brand new module that makes the bug even easier to exploit, renewing interest in the problem. The module gains a session with root permissions as long as the user ran the SUDO command before and as long as they have administrative privileges.

H.D. Moore, founder of Metasploit, warned that this was a serious vulnerability: “The bug is significant because it allows any user-level compromise to become root, which in turn exposes things like clear-text passwords from Keychain and makes it possible for the intruder to install a permanent rootkit.”

In addition, the hacker needs to have either physical or remote access to the machine. Apple has yet to respond or issue a patch for the bug. As a result, all versions of the operating system from OS X 10.7 to the current 10.8.4 are affected.

Most of the recent exploits of Mac OS X have been related to Java, which Apple completely blocked earlier this year over security vulnerabilities.
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)