In luna martie a acestui an a fost descoperita o vulnerabilitate care permite hackerilor sa obtina acces de administrator la OS X-ul celor de la Apple, compania nereusind pana in momentul de fata sa o repare. Vorbim despre o vulnerabilitate prezenta in comanda Sudo Unix si ea afecteaza atat vechiul OS X Lion 10.7.x, cat si noul OS X Mountain Lion 10.8.x, iar asta in ciuda faptului ca Apple stie despre ceva vreme despre vulnerabilitate, mai multe companii de securitate vorbind despre ea.
Mac users should realize that an attacker must satisfy a variety of conditions before being able to exploit this vulnerability. For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine. In other words: this exploit can’t be used in the kind of drive-by webpage attacks that last year infected some 650,000 Macs with the Flashback malware. This doesn’t mean it’s a non-issue though, since the exploit can be used in concert with other attacks to magnify the damage they can do.
Problema pentru Apple este ca o companie specializata pe exploatarea acestor vulnerabilitati a dezvoltat un software care simplifica exploatarea acestuia, asa ca acum persoanele rau intentionate pot obtine mult mai usor acces de administrator. Desi Apple se pregateste sa lanseze OS X Mountain Lion 10.8.5, compania nu mentioneaza absolut nimic in legatura cu aceasta vulnerabilitate, dar asta nu inseamna ca ea nu ar fi fost rezovlata de catre cei din Cupertino.
