Security: Hack Mac OS X With Installer Packages

1 Reply

MacGeekery has a short but insightful piece with examples on how to use a malformed Installer package (.pkg) on Mac OS X to 'insert user accounts with administrator rights and change root-owned system configuration or binary files without prompting the vast majority of Mac OS X users for a password of any kind.

From the article: By creating a malicious package and setting the authorization level to AdminAuthorization in the package, an attacker can modify root-owned files, execute commands as root, or install setuid-root programs without alerting the user that such actions are taking place. The problem is compounded when you consider that over 90% of Mac OSi X users run as the administrator user because it's what the default user created by the system is.

(via Slashdot)

One thought on “Security: Hack Mac OS X With Installer Packages

  1. KR.Senthil Kumar

    Dear all i want to plexeraser
    please provide details send me mail
    Permanently remove or erase data from CD and DVD

    Reply

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>