A new vulnerability in Apple’s OS X is being exploited to install malware on systems, Ars Technica reported.
While the problem seems to be fixed in beta versions of OS X 10.11, the current version of OS X (10.10.4) and the beta of OS X 10.10.5 are still vulnerable.
The vulnerability stems from new error-logging features that Apple added to OS X “Yosemite”, which let attackers create files with root privileges.
Malwarebytes reported that it came across an exploitation of the bug in a new adware installer, which modifies the sudoers file.
Sudoers is a configuration file found on Unix systems which stipulates the users who are allowed to gain root access, and how.
After hacking the sudoers file, the installer goes on to install adware and junkware, said Malwarebytes.
There does not appear to be any protection against the vulnerability besides installing Esser’s fix, though users are warned to investigate the patch before installing it.
First firmware worm for Macs
News of an exploit for Esser’s DYLD_PRINT_TO_FILE local privilege escalation vulnerability appearing in the wild comes along with reports that the first firmware worm that attacks Macs has been developed.
Security researchers Xeno Kovah and Trammell Hudson told Wired that of the six PC firmware vulnerabilities they looked at, five affected Macs.
Wired reported that Kovah and Hudson notified Apple of the vulnerabilities. One has been patched, and another partially fixed. Three of the vulnerabilities remain unpatched.