Attacker Could Get Root Rights to OS X for Years
OS X contained a bug that allowed any user to gain root access to a system. The bug, patched this week, could be exploited by a local attacker or in conjunction with other exploits that give users access to a system.
According to security researcher Emil Kvarnhammar, who tracked down the vulnerability, it had been in OS X since 2011. It was patched just this week, but only for Yosemite users; users of older versions remain vulnerable. Kvarnhammar speaks of a backdoor that allowed any user to gain root access on an OS X system.
According to Kvarnhammar, this is a hidden API, which is probably intended for the settings applications of OS X. In practice, however, other processes could also gain root access on an OS X system through the vulnerability, and this was possible for a user or process with normal privileges as well. This applies to admin accounts as well as ‘normal’ users.
The bug is not enough to crack a system remotely. However, attackers who have already gained access to an OS X system using another exploit can use the vulnerability for root access and thus increase their capabilities. Also, a local user with limited rights can take full control of the system.