Getting root access in Mac OS X without a password
A brief post about a vulnerability found about six months ago.
The exploit allows an attacker to get root access to the system without a password due to a sudo vulnerability. Work tested on Mac OS 10.7 - 10.8.4, may also be vulnerable earlier versions. The work of the exploit is possible due to the ability to transfer time in Mac OS to the first of January 1970 without a password.
An exploit is available for a couple of days in Metasploit.
(via packetstormsecurity )
The exploit allows an attacker to get root access to the system without a password due to a sudo vulnerability. Work tested on Mac OS 10.7 - 10.8.4, may also be vulnerable earlier versions. The work of the exploit is possible due to the ability to transfer time in Mac OS to the first of January 1970 without a password.
An exploit is available for a couple of days in Metasploit.
(via packetstormsecurity )
')
Source: https://habr.com/ru/post/192054/
All Articles