Remote Root Exploit in Mac OS X

carrel.org ^ | 11/26/03 | William Carrel

[Bush2000]

You *must* have access to the same subnet as the target. You can't attack a random Mac on the Internet with this technique. The main threat seems to be for the Starbucks wireless user.

Not just Starbucks. Any LAN/WAN environment that has Macs connected to it that uses DHCP -- which is nearly all of them.

[Bush2000]

Settle down, Thomas. There are no reports that anyone in the real world has been attacked with this exploit. The patch will be available in a few days, after it has been tested.

I'm not troubled in the least, Hal. But, then again, I don't use a Mac ... so there's no need for worry. ;-p

[Petronski]

[Liberal Classic]

Yeah, you have other bugs to worry about. :)

[Swordmaker]

No, Mr. 2000, read Apple's instructions in Reply #60.

You are claiming much more than you know. Which is apparentlyh not much!

[Swordmaker]

Oh, by the way, just how many CRITICAL security issues were announced for your Windows system this year???

I've lost count.

I've made a lot of money fixing and patching them for my Windows clients, though.

[njmaugbill]

"Repeat after me: "OSX is se-currrrrrrrrrrrrrrrrrre....." BWAHAHAHAHAHAHAHAHAHAHAHAHA!"

He's getting slow, it took 5 posts for him to show up.

Bill from Nutley,
Apple user since 1987

[Bush2000]

Oh, by the way, just how many CRITICAL security issues were announced for your Windows system this year???

Changing the subject won't sweep this under the rug, Mac fanboy.

But since you raised the issue, I could care less. My box has never been exploited. It's locked down so tightly that you simply wouldn't be successful attacking it. And that's without applying security updates regularly.

[Swordmaker]

Changing the subject won't sweep this under the rug, Mac fanboy.

Again, Windows Fanboy, you run true to type... insulting people who choose something different than you do. How do you treat people who drive a different make of automobile?

Additionally, no one is changing the subject. We are discussing computer security and the RELATIVE merits of two platforms. No matter how you cut it, the Windows vulnerabilities are far greater than OS-X's vulnerabilities.

My box has never been exploited. It's locked down so tightly that you simply wouldn't be successful attacking it. And that's without applying security updates regularly.

My computer has never been exploited either... and that is without "locking it down so tightly." When I learned of this security issue, I evaluated, found it would apply only to a VERY MINISCULE number of Mac users ( and certainly not to me ), I assigned it the very low priority that Apple also assigned it.

But since you raised the issue, I could care less.

Then WHY do you post in every one of these threads???

"Quite frankly, Scarlet, I think you DO give a damn."

To paraphrase another writer, "Methinks the Bush2000 protesteth too much!"

[BureaucratusMaximus]

LMAO...you got it....that's it.

[Bush2000]

We are discussing computer security and the RELATIVE merits of two platforms.

No, actually, you're the one who wants to bring up Windows. Nearly everybody else is discussing OSX here.

My computer has never been exploited either... and that is without "locking it down so tightly." When I learned of this security issue, I evaluated, found it would apply only to a VERY MINISCULE number of Mac users ( and certainly not to me ), I assigned it the very low priority that Apple also assigned it.

Good thing you're not using your Mac in a corporate LAN/WAN environment. Because if you were, you're vulnerable.

Then WHY do you post in every one of these threads???

Ask yourself the same question when you visit Windows-related threads.

[Swordmaker]

No, actually, you're the one who wants to bring up Windows. Nearly everybody else is discussing OSX here.

Intelligent discussion requires that both parties have some knowledge or experience of the topic discussed; you do not have ANY experience with OS-X. On the other hand, I have extensive experience on both platforms which makes me more qualified then you to have an opinion. You have repeatedly spouted nonsense about this issue. For example, you very first post on this thread, which I quote:

"Repeat after me: "OSX is se-currrrrrrrrrrrrrrrrrre....." BWAHAHAHAHAHAHAHAHAHAHAHAHA!"

Now THAT is really intelligent discourse. Your second post end with your first slur on THIS thread:

"The Mac bigots tend to ignore bad news.

Of course, you Windows bigots are always extremely polite? Strange, just one reply later you insult a person YOU invited to the party who very politely requested you remove him from your ping list: "I'll bet you don't want to be pinged. Ignorance is bliss."

Next. we find you actually responding in a proper discussive manner... but that doesn't last long... at the next post we have youi agreeing with mere speculation that is contrary to the facts and ending with another: " BWAHAHAHAHAHAHAHAHAHA!" of glee. I think we see you real motive for participating in these threads.

Now returning to your last posting:

"Good thing you're not using your Mac in a corporate LAN/WAN environment. Because if you were, you're vulnerable. "

First, someone on this hypothetical corporate LAN/WAN would have to have malicious motives to damage a corporate asset... and then decide he only wanted to attack the Macs on that environment (perhaps someone who is a Windows bigot?) and then to do it ONE COMPUTER AT A TIME.. Add the chance that once the work around was known, the corporate IT guys would not have bothered to change to two minor settings on the at risk computers, which will STILL work on the network normally with those settings changed.

No, Bush2k, this is not a real big worry in the Mac world.

Am I concerned? Yes. Am I worried? No.

My point in asking about the number of critical security issues in Windows has to do with your obsession with the few that may occur in OS-X. Consider Luke 6:41:

Why do you see the speck that is in your brother's eye, but do not notice the log that is in your own eye?

The relative numbers of security issues on Mac OS-X and on Windows are equivalent to the speck and log referred to in Luke, Work on your LOG and let the Mac users worry about their SPECK!

[Bush2000]

Intelligent discussion requires that both parties have some knowledge or experience of the topic discussed; you do not have ANY experience with OS-X.

Bzzzzzt! Wrong. I know BSD. You lose.

Of course, you Windows bigots are always extremely polite?

Straw argument. The issue wasn't politeness. It was ignoring bad news.

First, someone on this hypothetical corporate LAN/WAN would have to have malicious motives to damage a corporate asset...

Allow me to be the first to educate you: Most corporate hacks are *internal* jobs. Read When the Hacker is on the Inside.

... and then decide he only wanted to attack the Macs on that environment (perhaps someone who is a Windows bigot?) and then to do it ONE COMPUTER AT A TIME..

A malicious DHCP server doesn't have to target Macs exclusively. Where did you ever get that bogus idea? As for attacking one computer at a time, read about DHCP protocol. general_re does a good job of describing what the malicious server can do -- and it could be catastrophic. Read #47.

Add the chance that once the work around was known, the corporate IT guys would not have bothered to change to two minor settings on the at risk computers, which will STILL work on the network normally with those settings changed.

Any IT guy that would deploy a Mac in a corporate enterprise (I'm still searching for one) probably has no idea what this hack means -- or why it's dangerous -- so I wouldn't put too much faith in these sorts of things. Insider hackers could be working this weekend when the IT guys are stuffing themselves with turkey.

[Bush2000]

The relative numbers of security issues on Mac OS-X and on Windows are equivalent to the speck and log referred to in Luke, Work on your LOG and let the Mac users worry about their SPECK!

What do you expect? Practically nobody uses Macs in corporate environments.

[Swordmaker]

What do you expect? Practically nobody uses Macs in corporate environments.

Bush, it is not the number of Macs in corporate environment... I said relative numbers of security issues... not absolute numbers. Nor am I talking about numbers of attacks... just numbers of critical security HOLES.

As to your "knowing" BSD... BIG DEAL. I said you had no experience with OS-X and NOTHING you have said shows that you have. In fact, a LOT you have said indicates you don't know BSD. I recall having a discussion with you about the differences between ROOT and ADMINISTRATOR accesses not too long ago.

Quite frankly, Bush2k, I think you echo a lot of the dis-information you hear without really understanding it...

[SengirV]

No, I just have to find a wireless user and pretend to be an LDAP server...

Now you just have to find a wireless user who is stupid enought to use no authentication to the DHCP(LDAP) server. IF they are doing that, then they are in a world of hurt to begin with.

[general_re]

Given how many people like to use open WAPs, whether they're intended to be publicly accessible or not, I'd say I wouldn't have to wait too long for that. It's rather tempting to set up a WAP of my own, and start handing out DHCP leases, just to see how many I can snag - at the very least, it might provide a nasty surprise for the wardriving community ;)

[battousai]

"I'm not wild about people releasing vulnerabilities before a patch is available, but this does seem to be rather slow in coming...."

If the company knows about the vulnerability, you can bet that its already well known in the underground, so it helps no one to keep it secret, by letting more people in on it someone might come up with a solution faster.

[general_re]

There is always that kind of tradeoff, unfortunately. At least in this case, the discoverer did let Apple know about the problem before releasing it. That strikes me as somewhat more responsible than simply going public without even the courtesy of a note to the vendor.