Comment on First Apple M5 memory exploit discovered using Anthropic AI, gives root access on MacOS
RegularJoe@lemmy.world 3 weeks ago
There aren’t many technical details, but the vulnerability is simple in practice: run a command as a standard user and gain root (administrator) access to the machine. Macs are rarely servers, so the practical impact is limited. However, the exploit remains concerning, as it’s relatively easy to trick a user into running it and, with full system control, also hard to find and remove.
“the practical impact is limited.” but if it’s your Mac…
artyom@piefed.social 3 weeks ago
That doesn’t sound like an exploit at all. You can “trick a user” into running
sudo rm -rfas well. That’s not an exploit.kungen@feddit.nu 3 weeks ago
If you can get root as a standard user, without providing your password, it is indeed an exploit.
artyom@piefed.social 3 weeks ago
If in order to get root, you just convince another user to give it to you, that is not an exploit.
kungen@feddit.nu 3 weeks ago
??? Do you not understand how privilege elevation works? You normally need to provide your password to get root. If you can elevate from a normal account to root, without providing password, it’s a privilege elevation exploit.
WaxRhetorical@lemmy.world 3 weeks ago
… Or some application you use frequently unfortunately uses a now hijacked package for some features, meaning an antagonist is now able to get root on your device without you or anyone else realising.