SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Timbuktu Mac OS X Security Hole – “The Sneak Preview”

Posted on June 4, 2001

Netopia has released Timbuktu Preview for Mac OS X. There is a 29.95 charge for this software. Timbuktu is remote administration software which runs on Windows and Macintosh platforms. We received a E-Mail from Ed noting of a security hole with this product that lets a user @ the console have access without even having to log in to Mac OS X. The problem was reported to Netopia and because this is only a preview version we will look for a fix in the next release.

Scenario

At the login screen of the freshly updated Mac OS X with preview version of Timbuktu for Mac OS X we have found a Timbuktu icon in the upper right hand portion of the screen. The menu contains all of the goodies (open timbuktu, turn tcp on/off, about, etc) Timbuktu users have known and loved from the classic OS. The menu About Timbuktu when clicked on gives you full control to the apple menu and system preferences without even being logged into OS X.

Having access to the System Preferences without being logged in can allow access to the users panel where someone could change passwords or any system setting.

Essentially, you’ve got admin access to the entire system prefs window and the users panel even shows the hidden admin/root user. Some say this is something not that large because you can gain full access through single user mode also, SM feels that the problem should be addressed by Netopia ASAP.

If you have purchased this product and would like this issue taken care of please contact Netopia.

Join our mailing list for the latest security news and deals