Root via System Login Items
Yes, ladies and gentlemen there is yet another privilege escalation vulnerability in fully patched Mac OS X systems. It’s very telling that after Apple switched to Intel and saw an increase in sales, the security community began to look at Mac OS X and found holes just waiting to be exploited. Naturally nobody at Apple or the community at large will ever admit it but it seems that the assertion from many in the security community that OS X was protected from exploits due to an insignificant marketshare is beginning to ring true.
It’s just a shame to watch a BSD UNIX derived operating system go down in flames so spectacularly. The upside is that I never completed my order for a handful of XServes to run a business venture, so I’m not sitting on thousands of dollars worth of hardware just begging to be rooted. I can’t run a computing grid and remote backup service when trivial root escalation vulnerabilities start coming out of the woodwork. How can I say to a client that I will protect their data when I can’t protect root?