USB Keyboard init Abort - Root Access Vulnerability

By: Richard Glaser - Revised: 2014-01-23 richard

Download Slides – PDF-File, 670.0 KB


A vulnerability has been discovered, that with access to a USB Keyboard connected to the computer running on OS's Mac OS X 10.2.8 or earlier; a person can hold down Control + c during startup and be given access to a root shell prompt due to init crashing. Then they can easily compromise the Mac.

Richard will discuss the vulnerability, give an example, and give a workaround to remove the vunerability.

Table Of Contents
    Learn the details of the exploit and see an example of the exploit.

    On Mac OS X 10.2.8 or early the workaround is replace OR recompile init & modify ttys. On Mac OS X 10.3.x the workaround is modify ttys.

    Step-by-step instructions for recompiling init, which may be part of the workaround for 10.2.8.