Comment on First Apple M5 memory exploit discovered using Anthropic AI, gives root access on MacOS
RegularJoe@lemmy.world 18 hours ago
There aren’t many technical details, but the vulnerability is simple in practice: run a command as a standard user and gain root (administrator) access to the machine. Macs are rarely servers, so the practical impact is limited. However, the exploit remains concerning, as it’s relatively easy to trick a user into running it and, with full system control, also hard to find and remove.
“the practical impact is limited.” but if it’s your Mac…
artyom@piefed.social 15 hours ago
That doesn’t sound like an exploit at all. You can “trick a user” into running
sudo rm -rfas well. That’s not an exploit.kungen@feddit.nu 14 hours ago
If you can get root as a standard user, without providing your password, it is indeed an exploit.
artyom@piefed.social 10 hours ago
If in order to get root, you just convince another user to give it to you, that is not an exploit.
kungen@feddit.nu 9 hours ago
??? Do you not understand how privilege elevation works? You normally need to provide your password to get root. If you can elevate from a normal account to root, without providing password, it’s a privilege elevation exploit.