Sudo Flaw Opens Potential Security Risk for OS X, Linux Users


A security flaw in the command line tool sudo in OS X 10.7 and higher, as well as some Linux distributions, could give unauthorized root access to users' computers. The flaw was reported by Metasploit, a company that specializes in finding security issues and building utilities to point them out, but the steps needed to exploit this particular issue make it unlikely most Mac users will become victims before a patch is available.

The requirements are tight, but a command line security flaw poses a threat to Mac users

To take advantage of the exploit, an attacker needs to already have an administrator-level account on the Mac, physical or remote access to the machine, have already used the sudo command, and to set the system clock to January 1, 1970. The combination of conditions needed to use the flaw makes it highly unlikely that the average Mac user will be at risk, but it does pose a potential threat in the IT workplace, or for anyone who shares a Mac with someone who's command line-savvy.

Metasploit reported the vulnerability to Apple about five months ago, but so far a fix hasn't been issued. It's possible Apple hasn't seen this threat as a high priority and is planning on including a fix in an upcoming Mountain Lion update, or that it will be addressed in Mavericks when it ships this fall.

The big issue for people that do fall victim to the sudo flaw is that the attacker could install other malicious software without their knowledge to perform tasks like collecting files and passwords.

Apple hasn't commented on the security threat, and we most likely won't hear anything about it from the company until it shows up in the notes for a security patch.

[Thanks to Ars Technica for the heads up]

The Mac Observer Spin

Apple isn't the fastest at patching security flaws, or even publicly acknowledging them. The company has known about this one for at least five months and hasn't yet released a fix. The upside for Mac users is that the requirements to take advantage of the flaw are so specific that most people won't be susceptible while we wait for Apple to get their security patch out.

I read about this earlier this morning and I have to say I’m a bit confused. I thought the purpose of SUDO was to give someone root user access. It’s SUperuser DO. Why is this suddenly a security vulnerability? Anyone with admin rights that runs SUDO has always had the right to execute code and install software. That’s what it’s for. I’m missing something about this story.


Hi @geoduck. If you read the Ars article linked to in this article, you’d see that the exploit allows you to execute sudo without having to enter a password. It does it by tricking sudo into thinking the timestamp is still within the range of the timestamp_timeout.

I find this interesting, because there is code in sudo to ensure that the current time is NOT before the system boot time. Eh, complex code can generate simple logic flaws, huh?


Aha! Thanks. That was the part I missed.
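The `timestamp_timeout` setting mentioned in the comments controls how long sudo honors a cached authentication; a value of 0 makes sudo prompt every time, so no cached timestamp is relied on. The following is an added example, not part of the article or its comments: a small auditor that reports the effective setting per `Defaults` scope. The sample sudoers text is constructed, and the function names are illustrative.

```python
import re

DEFAULT_TIMEOUT_MIN = 5.0  # sudo's built-in value when sudoers sets nothing

# Constructed sample policy, not taken from any real host.
SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
Defaults timestamp_timeout=15, \\
         !lecture
Defaults:alice timestamp_timeout=0   # alice is always prompted
Defaults:backup timestamp_timeout=-1
%admin ALL=(ALL) ALL
"""

_DEFAULTS = re.compile(r"^Defaults(?:([:@>!])(\S+))?\s+(.*)$")
_SETTING = re.compile(r"\btimestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")

def logical_lines(text):
    """Join backslash-continued lines, strip comments, skip blanks.
    Simplification: #include/#includedir files are not followed."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def timestamp_timeouts(text):
    """Map each Defaults scope ('*' = global) to its effective minutes."""
    found = {"*": DEFAULT_TIMEOUT_MIN}
    for line in logical_lines(text):
        m = _DEFAULTS.match(line)
        if m:
            scope = (m.group(1) or "") + (m.group(2) or "") or "*"
            for value in _SETTING.findall(m.group(3)):
                found[scope] = float(value)  # later entries override earlier
    return found

def classify(minutes):
    if minutes == 0:
        return "always-prompt"   # no credential caching at all
    return "never-expires" if minutes < 0 else "cached"

def audit(text):
    return {s: classify(v) for s, v in timestamp_timeouts(text).items()}
```

Run `audit()` over the output of `sudo cat /etc/sudoers` on a host to see which scopes still cache credentials.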
