SoylentNews is people

posted by janrinok on Thursday July 23 2015, @04:31PM
from the just-so-you-know dept.

Bug in Latest Version of OS X Gives Attackers Unfettered Root Privileges

A bug in the latest version of Apple's OS X gives attackers the ability to obtain unfettered root user privileges, a feat that makes it easier to surreptitiously infect Macs with rootkits and other types of persistent malware.

The privilege-escalation bug, which was reported in a blog post published Tuesday by security researcher Stefan Esser, is the type of security hole attackers regularly exploit to bypass security protections built into modern operating systems and applications. Hacking Team, the Italian malware-as-a-service provider that catered to governments around the world, recently exploited similar elevation-of-privileges bugs in Microsoft Windows. When combined with a zero-day exploit targeting Adobe's Flash media player, Hacking Team was able to pierce security protections built into Google Chrome, widely regarded as the Internet's most secure browser by default.

According to Esser, the OS X privilege-escalation flaw stems from new error-logging features that Apple added to OS X 10.10. Developers didn't use standard safeguards involving additions to the OS X dynamic linker dyld, a failure that allows attackers to open or create files with root privileges that can reside anywhere in the OS X file system.

Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution

If you are using Windows, you must patch your system immediately. Microsoft Security Bulletin MS15-078 (CVE-2015-2426) is quite probably the most serious vulnerability in Windows discovered recently, serious enough that Microsoft issued one of its rare out-of-band security updates to address it.

The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.

This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software section.

This is probably one of the most serious of the zero-day exploits that Hacking Team had been using; it was exposed in their recent security breach. Researchers from FireEye Inc. are credited with bringing the bug to Microsoft's attention.

"CVE-2015-2426 is a straight-to-kernel remote code execution vulnerability," a FireEye spokesman said in an email reply to questions, using the flaw's Common Vulnerabilities and Exposures identifier. "The vulnerability was leaked with the Hacking Team email breach."



 
This discussion has been archived. No new comments can be posted.
  • (Score: 5, Insightful) by FatPhil on Thursday July 23 2015, @08:40PM

    by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Thursday July 23 2015, @08:40PM (#212844) Homepage
    UUOP - useless use of python. You can tell from the '|' and ';' that you're already in a shell, so why not use shell builtins (such as echo), or trivial lightweight binaries (such as echo) rather than a great bloaty interpreted language? Here, of course, "you" = whoever you're quoting.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
  • (Score: 2) by el_oscuro on Friday July 24 2015, @11:15PM

    by el_oscuro (1711) on Friday July 24 2015, @11:15PM (#213367)

    You mean?

    $ echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

    Am I missing something? Did they really leave /etc/sudoers world writable?

    --
    SoylentNews is Bacon! [nueskes.com]
    • (Score: 2) by FatPhil on Sunday July 26 2015, @11:24PM

      by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Sunday July 26 2015, @11:24PM (#214011) Homepage
      Nope, you need the dynamic loader to do the writing for you. It runs with escalated privileges, and is now prepared to log to arbitrary files, as directed by that environmental variable.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
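
For the sudoers line quoted in the comments above, a check a defender could run on a sudoers-format file (an added example, not from the story or its commenters): it lists every rule that grants passwordless ALL commands and marks the ones that apply to all users. The function names and the sample input are constructed for illustration, and included files are not followed.

```shell
#!/bin/sh
# Added example: list sudoers rules that grant passwordless "ALL" commands,
# such as the line quoted in the comment thread. Reads FILE, or stdin if
# no argument is given. Output format: SEVERITY:LINE_NUMBER:RULE

audit_sudoers() {
    awk '
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
    {
        line = buf $0; buf = ""
        sub(/#([^0-9].*)?$/, "", line)   # strip comments, keep "#uid" users
        gsub(/[ \t]+/, " ", line)        # normalise whitespace
        sub(/^ /, "", line); sub(/ $/, "", line)
        if (line == "") next
        # NOPASSWD tag (optionally followed by other tags) applied to ALL
        if (line !~ /=.*NOPASSWD:( ?[A-Z_]+:)* ?ALL( |,|$)/) next
        split(line, f, " ")
        # A rule whose user field is ALL applies to every account.
        sev = (f[1] == "ALL") ? "ANYONE" : "PRINCIPAL"
        printf "%s:%d:%s\n", sev, NR, line
    }' "${1:--}"
}

# Constructed sample input (not a real system file).
sample_sudoers() {
    cat <<'EOF'
# sudoers sample
root    ALL=(ALL) ALL
%admin  ALL=(ALL) NOPASSWD: /usr/bin/true
alice   ALL=(ALL) \
        NOPASSWD: ALL
ALL ALL=(ALL) NOPASSWD: ALL
EOF
}

# Stand-alone demo on the constructed sample.
sample_sudoers | audit_sudoers
```

On a real system the function is pointed at /etc/sudoers and each file under /etc/sudoers.d, which normally requires root to read.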