Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Edit Remote Files in Your Favorite Utility with Fetch

If you use the Fetch FTP client and want to, for instance, edit remote .html files with one application but .css files with another, you can set this up easily: In Fetch, select a .html file and click the Get Info button on the toolbar. In the Get Info window, in the Transfer Option section, choose your desired program from the "Edit files like this with" pop-up menu. Repeat the procedure for a .css file, and you're ready to go!

Visit Fetch Softworks

 
 

Hackers Can Root Macs by Going Back in Time

Send Article to a Friend

A bug in OS X 10.8 Mountain Lion and 10.7 Lion allows attackers to gain superuser access if they reset the clock to 1 January 1970. The bug shouldn’t affect most people, as the attacker also needs shell access to the Mac, and the user must have enabled superuser access in the past.favicon follow link

 

Comments about Hackers Can Root Macs by Going Back in Time
(Comments are closed.)

James Bailey  An apple icon for a TidBITS Supporter 2013-09-03 12:08
There is a partial workaround for this problem that I use. I edit the bash logout file .bash_logout to include this line:

sudo -K

(that's a capital K).

This will remove any past sudo shell access from your history and block this exploit but only when you logout from the shell. When using sudo for anything, I always create a new shell window in Terminal and exit when I'm done. This ensures that the logout script runs.

The best part is that if or when Apple fixes this, you don't really have to do anything because the only consequence to doing this is that you get the initial warning message each time you used sudo instead of just the first time.