Apple OS X vulnerable to big 0-day security flaw

A new vulnerability in Apple’s OS X is being exploited to install malware on systems, Ars Technica reported.

Security researcher Stefan Esser revealed the details of the vulnerability in July along with his own patch, saying that it is unclear whether Apple knows about the security problem.

While the problem seems to be fixed in beta versions of OS X 10.11, the current version of OS X (10.10.4) and the beta of OS X 10.10.5 are still vulnerable.

The vulnerability comes from new error-logging features that Apple added to OS X “Yosemite”, which let attackers create files with root privileges.

Malwarebytes reported that it came across an exploitation of the bug in a new adware installer, which modifies the sudoers file.

Sudoers is a configuration file found on Unix systems which stipulates the users who are allowed to gain root access, and how.

After modifying the sudoers file, the installer goes on to install adware and junkware, said Malwarebytes.

There does not appear to be protection from the vulnerability, besides installing Esser’s fix. Users are warned to investigate the patch before installing it, though.

First firmware worm for Macs

News of an exploit for Esser’s DYLD_PRINT_TO_FILE local privilege escalation vulnerability appearing in the wild comes along with reports that the first firmware worm that attacks Macs has been developed.

Security researchers Xeno Kovah and Trammell Hudson told Wired that of the six PC firmware vulnerabilities they looked at, five affected Macs.

Wired reported that Kovah and Hudson notified Apple of the vulnerabilities. One has been patched, and another partially fixed. Three of the vulnerabilities remain unpatched.
