I wrote:
> In addition, many campus Mac OS X users are likely to be working
> in a user account with Admin privileges - which is the default for
> the first account set up under Mac OS X - so any malware would run
> with those privileges.

At 15:43 -0800 2006-02-23, Tom Holub replied:
> I don't think that's necessarily true; an OS X account with Admin
> privileges still needs to authenticate (via sudo or a dialog box)
> before it gets super-user privilege.
Tom's correct: malware which reaches a user's system via this
gaping wide open Mac OS X vulnerability would run as if it were:

a) logged in as the current user; but
b) didn't know that user's password

which would prevent it, at least outright, from performing tasks
which require super-user privileges, even when running within an
Admin user's account.
> I think an attacker would have to convince the user to type in
> their password to run with super-user privilege.
True, and that's likely why it's of greater concern if the current
user is an Admin user. Once malware is executed, if it can trick
that type of user into entering their user password, it will then be
able to perform just about any action it wishes on the system. A
script could pretty easily put up a convincing GUI dialog -
indistinguishable from a dialog presented by the OS or a legitimate
application - that might be able to trick a substantial fraction of
users to give up that password.
Even without having the user's password, a script which executes
with the privileges of the current user on a Mac OS X system -
whether or not the user is an Admin user, and whether or not the
script has access to that user's password - can typically wreak a
fair amount of havoc, from mischievous to malicious.
Aron Roberts
Workstation Software Support Group
------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.