wrong. this is not validating security by obscurity. SBO isn't sound and doesn't make a system secure. OS X is a good OS because of its software, not because it's not yet popular enough.
there have been few to no viruses (virus, not malware) in the wild on OS X. this is because of how it was built. OS X has more users than ever, and Apple has a huge target on its back -- yet still no viruses. previous Mac OS System versions had actual viruses targeting them in the wild, despite far, far fewer users than OS X.
again -- the only myth is the concept of security by obscurity.
"Todesco, who said he does security research in his spare time, said he notified Apple of the problems “a few hours before the exploit was published.”"
There's a lot more info in this posting about the 18 year old Italian who says he found two vulnerabilities, not just one. He also provided a patch for at least one of them so we can stop ragging on him for announcing it without telling Apple first (which he did but not with the normal amount of time).
----from Luca via GitHub
NULLGuard: This prevents binaries lacking __PAGEZERO from running.
Among other things, it fixes tpwn and renders a ton of bugs unexploitable.
note: some older binaries (10.4?) could also be affected, but I haven't yet encountered a non-malicious binary lacking PAGEZERO.
@Mojo66 Are you ready to compile Luca's NULLGuard and see if it actually disables the original vulnerability?
Exactly what I figured -- it's a young developer who is just learning the right way to go about things. But I'm sure no one here has ever made a mistake while growing up and learning the conventions of the world. /s
Of course it does. The comment does nothing to prevent or identify trolls, as you suggest it does.
That is, you say, "and yes, indentifying this nutso behavior does help to mitigate it, because the trolls are identified as trolls, negating their concern-troll smokescreen narratives." I totally agree with that! Pointing out a troll comment *after the fact* for someone who might not recognize it otherwise is what you're talking about, but the comment in question doesn't identify anything. Rather, it just says that trolls are coming.
I disagree, obviously. trolls are less likely to put on their "I'm very concerned" concern-troll masks when that narrative has already been described in posts preceding theirs. further, I don't believe doing so changes the tone (whatever that means). in fact the only people it could bother are trolls or contrarians, really.
I am not sure that this kid did the right thing, but he did post a simple bit of code that allows this to be fixed. I was wondering if anyone would be willing to post a "how to" for patching your own machine. I am less leery of adding this bit of code than putting a whole new beta version of OS X on my iMac. He also pointed out that the code will help with other exploits. You should take the good with the bad. He posted the exploit too soon, but the vulnerability looks pretty easy to fix and he posted a fix as well. The only reason he has not posted an easier fix that does not require the command line is he lacks an Apple developer certificate.
So the danger is not that someone outside can get into your machine: the danger is that anyone who has physical access to your machine can take it over.
Isn't that always the case?
Quote:
Originally Posted by Mr Squid
No, this exploit does not require physical access to the computer.
Don't you have a firewall? I don't know about you but I don't allow FTP or SSH to my machines from outside of my network.
I found a bit of code from another Mac developer that added Todesco's idea to his code. I did get it to run on my computer and it hung on the restart. Seems to be working now, so either I am safer or I am worse off because my computer may become unstable. So far it looks good. I naively did the install because of how short Todesco's code appeared to be. Here is the link to the developer that added Todesco's hack to his compiled code: http://suidguard.com/stories/index.html
The developer is Stefan Esser. If anyone has information about him I would appreciate knowing about him. I "assume" I can roll back Time Machine and get to my system file before the changes were made.
Anyway it seems to be working so far with no bad side effects.
The Italian developer needs to get a call from the lawyers at Apple letting him know that he might be getting a bill from anyone who will be affected by his public disclosure of the bug.
There are consequences to every action. Publishing something publicly and putting people at risk is a criminal act - just ask Edward Snowden.
I missed the /s flag.
Don't blame the messenger, blame Apple for not fixing this preemptively.
Right... So he's good enough to find security bugs at 18 but moronic enough to not know about security orgs and protocols that have existed since he was pissing his pants. He's a cretin. This is not a small boo boo, but a major f- up.
In the article from the 07.07. he says "At the moment it is unclear if Apple knows about this security problem or not, because while it is already fixed in the first betas of OS X 10.11, it is left unpatched in the current release of OS X 10.10.4 or in the current beta of OS X 10.10.5." From this I take it that he did not inform Apple prior to publishing this.
I'm sure fracking grandma will appreciate applying an untested patch... Or do you think he actually bought the dozens of machines required to do the patch. He must be an idiot savant for sure.
There is a correct way of doing things. There is a procedure for notifying Apple about security issues.
Both have been ignored and the guy publicly posted a 'how to' to the world.
If you feel that it's your 'right' to publicly post security breaches then it should also be the 'right' of people affected by his publication to be compensated.
No he did not test the code on multiple boxes, but the code itself is very simple. On a well written operating system like OS X it should not be a problem. It may be a problem, but I have not seen any on my iMac (21.5-inch, Mid 2010). I am not using this for secure operations like credit card processing. It is my email and web browsing box at work. I did not apply his code because it was not compiled. I used the other link I listed above. The code hung just after finishing installing. I restarted the machine and it seems to be working fine. My next question is how can I test if it worked without attempting to execute malware code?
His suggested fix sounded really simple and easy to do. I am not sure why Apple has not done this. There must be some reason somewhere or simple corporate paranoia. Either way it will soon be fixed with the newest OS update next month. I don't search the dark parts of the web or install anything non commercial on my machine, except for this one patch. So we shall see how it all turns out.
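Two things in this thread are checkable without touching any exploit: the NULLGuard quote (it refuses to run binaries lacking __PAGEZERO) and the question above of how to tell whether the patch is doing anything without executing malware. The script below is an added example written for this thread; it is not Luca's NULLGuard, not Stefan Esser's SUIDGuard, and not code from any of the linked articles. It parses Mach-O load commands in userland and reports which binaries lack a __PAGEZERO segment, which is exactly the set a NULLGuard-style kernel extension would refuse to run, so you can see in advance whether any old (10.4-era) binaries on the machine would be hit. It does not tell you whether the extension is actually loaded. The constants come from <mach-o/loader.h>; the two sample images are constructed inline for an offline demo; and the extra requirement that the segment sit at virtual address 0 with nonzero size is this example's own tightening, not something the quote states.

```python
import struct
import sys

# Mach-O constants (from <mach-o/loader.h>)
MH_MAGIC = 0xFEEDFACE       # 32-bit, little-endian
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit, little-endian
LC_SEGMENT = 0x1
LC_SEGMENT_64 = 0x19
CPU_TYPE_X86_64 = 0x01000007
MH_EXECUTE = 2


def parse_segments(data):
    """Return [(segname, vmaddr, vmsize), ...] for a thin little-endian Mach-O.

    Fat (universal) binaries and big-endian images are not handled; they raise
    ValueError rather than being silently reported as 'no __PAGEZERO'.
    """
    if len(data) < 4:
        raise ValueError("too short to be a Mach-O")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == MH_MAGIC_64:
        hdr_fmt = "<IiiIIIII"       # mach_header_64 (32 bytes)
    elif magic == MH_MAGIC:
        hdr_fmt = "<IiiIIII"        # mach_header (28 bytes)
    else:
        raise ValueError("not a thin little-endian Mach-O (magic 0x%08x)" % magic)
    hdr = struct.unpack_from(hdr_fmt, data, 0)
    ncmds, sizeofcmds = hdr[4], hdr[5]
    off = struct.calcsize(hdr_fmt)
    end = off + sizeofcmds
    if end > len(data):
        raise ValueError("sizeofcmds runs past end of file")
    segs = []
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command table overruns sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize %d at offset %d" % (cmdsize, off))
        if cmd == LC_SEGMENT_64 and cmdsize >= 72:
            name, vmaddr, vmsize = struct.unpack_from("<16sQQ", data, off + 8)
        elif cmd == LC_SEGMENT and cmdsize >= 56:
            name, vmaddr, vmsize = struct.unpack_from("<16sII", data, off + 8)
        else:
            off += cmdsize          # not a segment command; skip it
            continue
        segs.append((name.rstrip(b"\0").decode("ascii", "replace"), vmaddr, vmsize))
        off += cmdsize
    return segs


def has_pagezero(data):
    """The property NULLGuard keys on: is there a __PAGEZERO segment?

    Requiring it at virtual address 0 with nonzero size is this example's own
    tightening; the forum quote only says 'lacking __PAGEZERO'.
    """
    return any(name == "__PAGEZERO" and vmaddr == 0 and vmsize > 0
               for name, vmaddr, vmsize in parse_segments(data))


def audit_paths(paths):
    """Map each path to True/False (has __PAGEZERO) or a 'skipped: ...' string."""
    results = {}
    for path in paths:
        try:
            with open(path, "rb") as f:
                results[path] = has_pagezero(f.read())
        except (OSError, ValueError) as exc:
            results[path] = "skipped: %s" % exc
    return results


# --- Constructed sample images (not real binaries) so the demo runs offline ---
def _seg64(name, vmaddr, vmsize):
    # segment_command_64 is 72 bytes; fileoff/filesize/prot/nsects/flags zeroed
    return struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, name,
                       vmaddr, vmsize, 0, 0, 0, 0, 0, 0)


def build_macho64(segments):
    cmds = b"".join(_seg64(n, a, s) for n, a, s in segments)
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, CPU_TYPE_X86_64, 3,
                         MH_EXECUTE, len(segments), len(cmds), 0, 0)
    return header + cmds


# A normal x86_64 executable layout: 4 GiB __PAGEZERO, then __TEXT above it.
NORMAL_IMAGE = build_macho64([(b"__PAGEZERO", 0, 0x100000000),
                              (b"__TEXT", 0x100000000, 0x1000)])
# The shape NULLGuard refuses: nothing mapped at address 0.
NO_PAGEZERO_IMAGE = build_macho64([(b"__TEXT", 0x1000, 0x1000)])

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, verdict in audit_paths(sys.argv[1:]).items():
            print("%-50s %s" % (path, verdict))
    else:
        print("constructed normal image has __PAGEZERO:", has_pagezero(NORMAL_IMAGE))
        print("constructed stripped image has __PAGEZERO:", has_pagezero(NO_PAGEZERO_IMAGE))
```

Run it with no arguments for the built-in demo, or pass paths (for example everything under /Applications/*.app/Contents/MacOS) to list which binaries would be refused. Fat binaries are reported as skipped on purpose: the script only understands thin images, and a silent "no __PAGEZERO" for a file it did not actually parse would be the wrong kind of error for an audit tool.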
Interesting and thanks. I'm not quite certain how rootless works yet but I hope to get a good understanding over the coming months.
Since most Macs are single user machines, the end user password is actually the root password in many cases. Because of this, Apple has placed restrictions on what that user can do. Only Apple signed code can do certain things like write files inside /System and some other directories. Third party code is also restricted. People type in their password all the time without giving a second thought to the fact that an application is requesting permission to do something and by typing in your password you are essentially giving that third party app root privileges.
Aaaand Apple had viruses before it had Mac OS X.
Todesco Tweeted:
http://www.pcworld.com/article/2971772/security/italian-teen-finds-two-zeroday-vulnerabilities-in-os-x.html
Isn't that always the case?
Don't you have a firewall? I don't know about you but I don't allow FTP or SSH to my machines from outside of my network.
I can't remember: What's the standard system's setting when you unbox and setup your mac regarding the firewall?
The developer is Stefan Esser. If anyone has information about him I would appreciate knowing about him.
http://www.hardened-php.net/stefan_esser.24.html
Here he writes about the DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability:
https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html
I can't remember: What's the standard system's setting when you unbox and setup your mac regarding the firewall?
Off.
I use SonicWall and I am on static IP with ethernet, although if you use just about any WiFi router, they are by default, pretty secure.
Mavericks is vulnerable too.
All I'm reading is that the exploit would allow something.
If you have access to root don't you then have access to all everything?
Not with El Capitan, but it is correct for Yosemite.