New privilege escalation exploit discovered in OS X Yosemite, also affects just-released 10.10.5

1235»

Comments

  • Reply 81 of 92
    Quote:

    Originally Posted by mstone View Post

     



    Since most Macs are single user machines, the end user password is actually the root password in many cases. Because of this, Apple has placed restrictions on what that user can do. Only Apple signed code can do certain things like write files inside /System and some other directories. Third party code is also restricted. People type in their password all the time without giving a second thought to the fact that an application is requesting permission to do something and by typing in your password you are essentially giving that third party app root privileges.




    And if I really, really wnt to have access to what's protected by rootless, I can switch it off? 

  • Reply 82 of 92
    mstonemstone Posts: 11,510member
    Quote:

    Originally Posted by WonkoTheSane View Post

     



    And if I really, really wnt to have access to what's protected by rootless, I can switch it off? 




    Probably. Who ever thought we would have to Jailbreak OS X?

  • Reply 83 of 92
    tallest skiltallest skil Posts: 43,399member
    Originally Posted by mstone View Post

    Probably. Who ever thought we would have to Jailbreak OS X?



    I imagine it would’ve been a logical conclusion to make as early as June 29, 2007.

  • Reply 84 of 92
    http://prntscr.com/86dmrh

    Figured I'd give it a test, 1.8.4 Hackintosh build with the standard kernel. Pulled the git repo, compiled the source and ran the app, sure enough it managed to get a root shell. The shell it opened was running under root, but once I killed the newly created process, the shell that i was already running had become root, as well as every other terminal I had opened already was running under root.

    http://prntscr.com/86dntw
  • Reply 85 of 92
    nolamacguynolamacguy Posts: 4,758member
    Of course it does.  The comment does nothing to prevent or identify trolls, as you suggest it does.

    incorrect. my "it does nothing of the sort" is in regards to your claim that identifying troll narrative changes the tone of s thread. it doesn't. you haven't shown that it does.

    That is, you say, "and yes, indentifying this nutso behavior does help to mitigate it, because the trolls are identified as trolls, negating their concern-troll smokescreen narratives."  I totally agree with that!  Pointing out a troll comment *after the fact* for someone who might not recognize it otherwise is what you're talking about, but the comment in question doesn't identify anything.  Rather, it just says that trolls are coming.

    nope. it steals their power. who wants to troll when your troll narrative garbage has already been characterized as the nonsense it is?
  • Reply 86 of 92
    nolamacguynolamacguy Posts: 4,758member
    knowitall wrote: »

    Your reading skills are not that good.
    Look up 'apparently' ...

    There is of course another possibility why the string of security bugs slipped through, when Apple does have a security team.

    nope. it's not my reading skills, it's your absurd proposal that they "apparently" don't have a security team. that's nonsense. the alternative explanation is obvious and has been described by me already.
  • Reply 87 of 92
    nolamacguynolamacguy Posts: 4,758member
    knowitall wrote: »

    Aaaand Apple had viruses before it had Mac OS X.

    yes, which is exactly the proof that the BS "nobody writes viruses for OS X because it's user base is too small!" (SBO) is nonsense. get it?
  • Reply 88 of 92
    pbpb Posts: 4,244member
    Quote:
    Originally Posted by NolaMacGuy View Post



    previous Mac OS System versions had actual viruses targeting them in the wild, despite far, far fewer users than OS X.

     

    And this was before the era of the web. We still had the Internet but it was so rudimentary. At that time, the classic Mac OS viruses were spread mainly through diskettes, a process orders of magnitude slower than today's Internet-based spread. Yet, there were viruses. And a popular application to deal with them.

     

    Quote:
    Originally Posted by NolaMacGuy View Post



    again -- the only myth is the concept of security by obscurity.

    Indeed. The histories of classic Mac OS and (Mac) OS X juxtaposed, largely disprove this concept.

  • Reply 89 of 92
    mr. memr. me Posts: 3,221member
    pb wrote: »
    And this was before the era of the web. We still had the Internet but it was so rudimentary. At that time, the classic Mac OS viruses were spread mainly through diskettes, a process orders of magnitude slower than today's Internet-based spread. Yet, there were viruses. And a popular application to deal with them.

    Indeed. The histories of classic Mac OS and (Mac) OS X juxtaposed, largely disprove this concept.
    That's just nonsense. Macs running System 6 and System 7 were infected with viruses the same way the PC-compatibles running MS-DOS were infected. Viruses were introduced via floppy disk. As the Internet became popular, a higher percentage of Macs were connected to the Internet than machines running MS-DOS/Windows.
  • Reply 90 of 92
    mr. memr. me Posts: 3,221member
    Response removed.
  • Reply 91 of 92
    pbpb Posts: 4,244member
    Quote:
    Originally Posted by Mr. Me View Post



    That's just nonsense. Macs running System 6 and System 7 were infected with viruses the same way the PC-compatibles running MS-DOS were infected. Viruses were introduced via floppy disk.

    Did I say any different?

     

    Quote:
    Originally Posted by Mr. Me View Post



     As the Internet became popular, a higher percentage of Macs were connected to the Internet than machines running MS-DOS/Windows.

    And you know this how exactly? Even if what you say is true, how it is related to the discussion regarding viruses under OS X? We compare classic Mac OS and OS X, and the methods to spread viruses at their time.

Sign In or Register to comment.