Nelson's log

MacOS security update only for Yosemite

Apple designed MacOS with an API that lets you escalate privileges from any user to root without proper authentication. No, really. This leads to CVE-2015-1130, the details of which are not yet published. It’s a pretty severe bug from the looks of it; not quite a remote exploit, but once an attacker can run code on your system they are root. Apple pushed a patch for it this week. But only to Yosemite.

The shape of the bug is really ugly too. It looks like Apple put in some weird backdoor API for stuff to escalate to root, so you can run Preferences or the like as a normal user. And they tried to lock that down in various ineffectual ways, like userspace binaries checking if they are running as root, but left the API in the kernel. Ugh.