A vulnerability in the handling of BOM files allows to set rogue permissions on the filesystem via the 'diskutil' tool. This can be used to execute arbitrary code and escalate privileges. A malicious user could create a BOM declaring new permissions for specific filesystem locations (ex. binaries, cron and log directories, etc). Once 'diskutil' runs a permission repair operation the rogue permissions would be set, allowing to plant a backdoor, overwrite resources or simply gain root privileges.
For further information:
- Apple DiskManagement BOM Local Privilege Escalation Vulnerability
- Exploits: MOAB-05-01-2007.rb and MOAB-05-01-2007_cron.rb (uses crontab, recommended).
