Mac OS X Security Issue: Screen Lock Security Bypass Mac OS X 10.3 Panther

Affected Product: Mac OS X 10.3 Build 7B85
Severity: Low
Impact: Security Bypass
Where: Local System
Author: CodeSamurai (codesamurai@mac.com)

VULNERABILITY

With access to the keyboard, an unauthorized user can access the currently active screen-locked user environment. However, there is only a relatively small opening in the period of time in which the keys events get through; completing complicated operations at the keyboard have shown to be highly tedious in actual practice thus far.

EXPLOIT

With the screen effect active, keys pressed before the authentication window appears will be sent to the general user environment.

PRACTICAL TESTS

Tested Examples:

 An open word …

Mac OS X Security Issue – Screensaver Security Issue/Hack

Security Issue: Mac OS X Screensaver Password Protection Bug

Systems Vulnerable: Mac OS X 10.2.6 and prior
Date Fixed: TBA

Apple’s Mac OS X screensaver apparently contains a buffer overflow vulnerability that causes the screensaver to dump not requiring the user to enter a legitimate username and password.

When enabling the password protection on the Mac OS X screensaver users are required to authenticate before leaving the screensaver to gain access to the desktop again. Delfim Machado notified Apple that he had learned of a bug that caused the screensaver to exit without properly …

Mac OS X Security Issue – TruBlueEnvironment Privilege Escalation Attack

Computers running Mac OS X prior to 10.2.4 and unpatched contain a vulnerability that can be exploited to create files that can be run at elevated privileges because of the TruBlueEnvironment. Included is the security advisory covering the issue discovered by @Stake’s Dave.

For those unable to update they can change the permissions of the vulnerable files to the admin group.

sudo chown .admin /System/Library/CoreServices/Classic\ Startup.app/Contents/Resources/TruBlueEnvironment

sudo chmod 4750 /System/Library/CoreServices/Classic\ Startup.app/Contents/Resources/TruBlueEnvironment

Security Advisory

Advisory Name: TruBlueEnvironment Privilege Escalation Attack
Release Date: 02/14/2003
Application: TruBlueEnvironment
Platform: MacOS X (10.2.3 and below)
Severity: Local users can gain root privileges
Author: Dave G.
Vendor …

LittleSecrets – Encrypted Text Note Pad for Mac OS X

Information

LittleSecrets for Mac OS X gives the Macintosh users the ability to store notes in an encrypted format that can only be accessed with the password assigned to the file. Upon launching the encrypted file the user is instructed to enter the password, only upon proper authentication is access granted to the file.

Think of LittleSecret as a note management system that allows for you to sort and create new notes all manageable from the programs interface. The user is allowed to create folders and sub-folders to sort the information even …

SoftwareUpdate DNS Spoof, Poisoning Exploit

Resolution

The issue described below was addressed and take resolved by Apple July 12th 2002 by adding checksums to downloads. Update to current version of Mac OS X via the software updates or visit AppleCare Document 75304

Information

Anonymous writes “I have recently been forwarded a mail from a reliable source which highlights a possible security issue with Software Update. I have not tested it myself, but both the source of the mail and the person who forwarded it are reliable and have always helped me to keep up to date with a …

Mac OS X Security Guide v.1 by Chevell – SecureMac

MAC OS X Security to the general Macintosh user has never been much of an issue. Turn it on, use it, turn it off when you’re done. And even if you’ve got a DSL or other dedicated line, warnings related to hack attempts on open and dedicated networks lines never seemed to instill fear in a Mac user. Sure there are products like Norton Personal Firewall or NetBarrier 2.0, but these are for professionals right? Well, not really. But the truth is, for the general Macintosh user, the chances of …

Cisco VPN UNIX Mac OS X Client Security Issue

About Cisco VPN Client

The Cisco VPN (Virtual Private Network) Client establishes an encrypted tunnel between a local system and a Cisco VPN Concentrator. The tunnel provides confidentiality and integrity for the data in transit, allowing a user on the local system to securely connect to a corporate network via a public, possibly untrusted network.

Information

Cisco’s VPN Client for Mac OS X, Linux and Solaris contains a security vulnerability which results in administrative privileges via a exploit. The Virtual Private Network (VPN) client allows for the Non-Windows platform to function over a …

Mac OS X root sliplogin permission error leads to root

Published: 5.07.2002
Fixed: Mac OS X 10.1.4
Effected OS:
Mac OS X 10.1.3 and prior)

Information

The problems lies within the file /usr/sbin/sliplogin (sliplogin) bundled with versions of Mac OS X prior to 10.1.4 due to the permissions defined and a buffer overflow. The system can be taken control of if a non-administrative user were to overflow the program giving them permissions as a root user. This issue has been taken care of in 10.1.4 system security update, if you have not yet updated do so now.

A unix styled exploit for the Macintosh! This is …

Mac OS X AppleShare Administrative access hack

Today it was discovered in Mac OS X 10.1.4 (Not tested with prior versions yet) with multiple users

I have stumbled across a rather large security hole when AppleSharing between a Mac OS 9.2.2 box and a Mac OS X box running v.10.1.4.

If a Mac OS X 10.1.4 box contains multiple user or administrator accounts, their home directories as well as access to some shared folders with permissions for only one specific account can be broken into via AppleShare.

The trick is simple. This can be done on any administrator account on …

Mac OS X Trojans and Security Threats

Mac OS X is UNIX at the core this is very true as described in Apple’s print advertisement, besides sending all others to /dev/null this OS is also open to all the security issues behind the UNIX environment.

Many features that are offered in the UNIX enviornment can lead to security concerns. They’re not to be considered bugs or exploits, just features. Recently Max Grosse shared with SecureMac.com how a feature in sudo could be used to the advantage of hackers to create backdoors or execute malicius code.

The code Max created …

Mac OS X Server/ Client Sudo Local Root

The folks at BSD-H have found a flaw that offers anyone in the admin group the ability to achieve root access via sudo. For those of you new to Mac OS X and the whole Unix environment do not get frustrated, this article will enlighten you about sudo and what steps you need to talk to fix the security issue.

The Flaw

Dubbed ‘RootX’ when this exploit is compiled, the program communicates with a sudo feature to give root to any admin under Mac OS X. Sudo means ‘do this command as …

Mac OS X – Nimda spreads via Mac OS X Samba Service

Stuffing Mac OS and Mac OS X with Nimda Worm

Nimda fills the Macintosh with .eml files if File Sharing is enabled.
Includes Samba.

WW32/Nimda@mm
PE_NIMDA.A
I-Worm.Nimda
W32/Nimda-A
Win32.Nimda.A

W32.Nimda.A@mm, simply known as Nimda is a mass-mailing worm/virus that spread itself via multiple methods. Nimda will send itself out by email and will search for network shares that are open and try to copy itself to vulnerable/unpatched Microsoft IIS web servers and other network connections (Samba/File Sharing).

Nimda is a Windows worm/virus. However, if your Macintosh is connected to the internet or network with File Sharing methods enabled you …

Sneak Peek of MacAnalysis for Mac OS X – Preview NOW!

Sneak Preview of MacAnalysis for Mac OS X
“Exclusive Previews of MacAnalysis X!”

Lagoon Software’s MacAnalysis has become a manditory program for Macintosh users trying to secure their systems. MacAnalyis is a security auditing suite that runs on your Macintosh, test the security of a local or remote computer system.Read about MacAnalysis @ this SecureMac.com review

After many weeks of programming they are almost ready to start distribution of their Mac OS X version. SecureMac.com was given the program to take a look at – the program follows the same style setup from …

iDisk under Mac OS X 10.1 is significantly less secure…By Open Door...

Fix: Use the Software Update feature in Mac OS X to resolve the issues with WebDAV security issues.

Security Advisory: Apple’s Mac OS X iDisk WebDAV vulnerability

Open Door Networks recently discovered that Apple’s iDisk under Mac OS X 10.1 wasn’t properly written to WebDAV standards. They said in Mac OS X 10.1 your iDisk is usually accessed using the WebDAV protocol rather than the Apple Filing Protocol (AFP) used previously. Like AFP, WebDAV is supposed to not send your password over the Internet, so in that respect it should be as …

Mac OS X Security Vulnerability setuid root applications leave root shell open...

Operating System: Max OS X Version Affected: up to 10.1

Security Risk: High
Remote: No
Fixed: 10.20.2001 see below

About

Mac OS X over the past few months have started to spout security concerns, this being one of the first most publicized attacks on the operating system. Once logged into Mac OS X, any user can obtain a root shell by executing a few simple applications in specific order.

Mac OS X is already on computers in every sort of nature, even after the administrator sets up multiple accounts with specific privileges keeping the user from …

Startup Security Mac OS and Mac OS X Open Firmware Password Configuration...

Information About Startup Security 1.1 for Mac OS 9 & Mac OS X

In case you do not know, your Macintosh may be able to have extra password protection offering you a extra touch of security if you are using Open Firmware 4.1.7 or higher running Mac OS 9 or Mac OS X.

What is Open Firmware Password Protection?

We have a whole discussion on Open Firmware Password protection here. In short it would be compared to the PC’s BIOS password where it asks you for password on startup or while trying to …

Apple.com Resources, Developments and TILs on Security Issues

It is recommended that you revisit this page because there will be frequent updates and additions as new security related resources at Apple pop-up.

General Security

Mac OS Security and Cryptography (ADC)
Technical Q&As – Security (ADC)
Product Security Response Support Information
PGP: Protecting Security Information
Security Updates

Mailing Lists

Product Security Notifications and Announcements
Apple’s Implementation of the Common Data Security Architecture

Software

Mac OS (General)
Keychain Manager (ADC)
Mac OS: “Unable to establish a secure connection” or “security certificate” Messages in Web Browsers (TIL 106211) [2001 March 23]
Securely Erasing, Accessing and Dismounting a Macintosh Partition (ADC FL11) [1999 January 11]
Accessing the …

Security-Ware – Physical Security for your Macintosh. Keep your Hardware...

We all realize security is a issue for our computers, but how secure can your password and encrypted files be when your computers have been stolen?

The San Diego, California based company, SecurityWare offers a wide variety of anti theft devices for your Macintosh computers and PC’s. After careful overview of the products we felt the Cable Security kits would be most use full to the general market!

SecurityWare’s iBook/iMac kits (with or without plate) makes it possible and affordable to secure your Mac. SecureMac travels from locations and our iBooks sometimes …

Sudo for Mac OS X has been found vulnerable to buffer overflows

What is sudo?

Sudo (superuser do) is a piece of software that allows a system admin to give certain users/groups the ability to run commands as root or another user

Sudo is available with most all unix based operating systems including Mac OS X.

The Problem

On 4.23.2K1 FreeBSD, Inc. released a security advisory warning users that all version of sudo prior to version 1.6.3.7 contains a local command-line buffer overflow allowing a local user to potentially gain increased privileges on the local system.

Mac OS X 10.0.4 DOES included a fixed version of sudo …

OpenSSH for Mac OS X – Installation, How to and Custom Packages

What is OpenSSH

OpenSSH is a cost free version of the SSH protocol suite. Many of the users who utilize telnet, ftp, rlogin and other programs may not realize that their passwords are transmitted in plain text (unencrypted) across the Internet. The OpenSSH suite encrypts all data that comes to and from your computer including passwords.

The OpenSSH suite includes many functions and programs. SSH replaces rlogin and telnet, sftp replaces the plain ftp program and rcp is replaced with a enhanced scp program.

Luckily enough Apples new operating system, Mac OS X …