USB Keyboard init Abort - Root Access Vulnerability
By: Richard Glaser - Revised: 2014-01-23 richard
Introduction
A vulnerability has been discovered, that with access to a USB Keyboard connected to the computer running on OS's Mac OS X 10.2.8 or earlier; a person can hold down Control + c during startup and be given access to a root shell prompt due to init crashing. Then they can easily compromise the Mac.
Richard will discuss the vulnerability, give an example, and give a workaround to remove the vunerability.
Table Of Contents
Learn the details of the exploit and see an example of the exploit.
On Mac OS X 10.2.8 or early the workaround is replace OR recompile init & modify ttys.
On Mac OS X 10.3.x the workaround is modify ttys.
Step-by-step instructions for recompiling init, which may be part of the workaround for 10.2.8.