Privilege escalation bug in Mac OS X 10.10 currently being exploited

By Scorpus
Aug 4, 2015
Post New Reply
  1. Hackers are currently exploiting a bug in the latest, fully-patched version of Mac OS X that allows them to obtain root user privileges without entering a password. This gives a hacker an easy way to install malware and other malicious software without the user's permission.

    This privilege-escalation flaw has come about due to Apple's introduction of a new error-logging system in OS X 10.10. According to Ars Technica, developers didn't use safeguards involving "additions to the OS X dynamic linker dyld" in the creation of this system. Without the safeguards, attackers can open or create files with root privileges stored anywhere in the OS X filesystem.

    The zero-day vulnerability with OS X was first detailed by a security researcher two weeks ago, noting that the bug is present in both the current version of OS X 10.10.4 'Yosemite' as well as the latest beta version (10.10.5). However it appears as though Apple has resolved the issue in the current beta builds for OS X 10.11 'El Capitan', indicating Apple's OS developers are aware of this vulnerability.

    Unfortunately Apple haven't been able to patch the vulnerability in non-beta versions of OS X in time. Malwarebytes have discovered that the bug is being actively exploited in the wild through a malicious installer that attempts to infect Macs with adware including VSearch and MacKeeper.

    There's not a whole lot a Mac user can do to prevent themselves from being infected, aside from being sensible on the internet. Apple will have to release a patch for OS X that addresses this bug, and there's hope that the company will do so through OS X 10.10.5.

    Permalink to story.

  2. tonylukac

    tonylukac TS Evangelist Posts: 1,374   +69

    The whole idea is not that bright, just copied form linux and quite a power struggle at workplaces. Just don't change your files in the browers, and that's all. Files osmehow still get changed in firefox, and what do android and iphone do. No elevation.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...