Last week, Apple updated Mac OS X to version 10.8.5. While that was promoted as mainly fixing a few minor bugs and adding some small features, the updates also fixed a major Mac security vulnerability.
As Paul Ducklin at Sophos’ Naked Security blog points out, the 10.8.5 update also fixes a bug which let anyone escalate their privileges using the sudo command by a simple hack requiring not much more than changing the system date to 01 Jan 1970. The update also fixes the bug which caused certain six character strings to crash entire applications, so it seems worth installing.
Apple ships OS X 10.8.5 security update – fixes “sudo” bug at last [Naked Security]