Mac OS Flaw Exposes Root Privileges | eWeek

Mac OS Flaw Exposes Root Privileges

Écrit par
Dennis Fisher
Dennis Fisher
Oct 19, 2001
1 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

A newly discovered flaw in Apple Computer Inc.s OS X operating system could enable an attacker to gain root privileges on a vulnerable machine.

The problem is in the NetInfo Manager, an application that is used to set up multilevel hierarchies. By opening the application and performing several simple steps, an attacker can easily gain root privileges on a Mac.

However, the Nibindd daemon, which is used to create and destroy NetInfo servers, does not run by default and is not commonly used, experts say, making it unlikely that the flaw will be exploited on a widespread basis.

“It does not run by default. I think someone would actively have to turn those services on for it to be a problem,” said Kevin Long, information security analyst at TruSecure Corp. in Reston, Va. According to several messages posted to the Bugtraq mailing list this week, the exploit works on versions 10 and 10.1—which is the most current—of the Mac OS.

Apple, based in Cupertino, Calif., released on Friday a patch for the problem.

Long and Jon McCown, senior technical director at TruSecure, said you can also work around the problem by changing the permission levels on the NetInfo Manager.

Mac OS X is shipped pre-installed on all Macs.

Apple did not return a call for this story.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.