Apple 10249 Published by

Users looking to exploit a vulnerability in the Sudo Unix command, originally reported back in March, have received some assistance, reports Ars Technica.



From MacRumors:
The developers of Metasploit, software that makes it easier to misuse vulnerabilities in operating systems and applications, have added the Sudo vulnerability to their software suite. All versions of OS X from OS X Lion 10.7 through the current Mountain Lion 10.8.4 remain vulnerable. Mac users should realize that an attacker must satisfy a variety of conditions before being able to exploit this vulnerability. For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine.
  OS X Vulnerability Can Allow Superuser Access to Unauthorized Users