USB Keyboard init Abort - Root Access Vulnerability
By: Richard Glaser - Revised: 2014-01-23 richardDownload Slides
–
PDF-File,
670.0 KB
Introduction
A vulnerability has been discovered, that with access to a USB Keyboard connected to the computer running on OS's Mac OS X 10.2.8 or earlier; a person can hold down Control + c during startup and be given access to a root shell prompt due to init crashing. Then they can easily compromise the Mac.Richard will discuss the vulnerability, give an example, and give a workaround to remove the vunerability.
Table Of Contents
- Learn the details of the exploit and see an example of the exploit.
On Mac OS X 10.2.8 or early the workaround is replace OR recompile init & modify ttys. On Mac OS X 10.3.x the workaround is modify ttys.
Step-by-step instructions for recompiling init, which may be part of the workaround for 10.2.8.
©2022 - University of Utah -
Marriott Library -
ITS - Apple Infrastructure
Disclaimer - 295 South 1500 East, Room 1705J, SLC, UT 84112 - 801.581.6494