Hackers are currently exploiting a bug in the latest, fully-patched version of Mac OS X that allows them to obtain root user privileges without entering a password. This gives a hacker an easy way to install malware and other malicious software without the user's permission.
This privilege-escalation flaw has come about due to Apple's introduction of a new error-logging system in OS X 10.10. According to Ars Technica, developers didn't use safeguards involving "additions to the OS X dynamic linker dyld" in the creation of this system. Without the safeguards, attackers can open or create files with root privileges stored anywhere in the OS X filesystem.
The zero-day vulnerability with OS X was first detailed by a security researcher two weeks ago, noting that the bug is present in both the current version of OS X 10.10.4 'Yosemite' as well as the latest beta version (10.10.5). However it appears as though Apple has resolved the issue in the current beta builds for OS X 10.11 'El Capitan', indicating Apple's OS developers are aware of this vulnerability.
Unfortunately Apple haven't been able to patch the vulnerability in non-beta versions of OS X in time. Malwarebytes have discovered that the bug is being actively exploited in the wild through a malicious installer that attempts to infect Macs with adware including VSearch and MacKeeper.
There's not a whole lot a Mac user can do to prevent themselves from being infected, aside from being sensible on the internet. Apple will have to release a patch for OS X that addresses this bug, and there's hope that the company will do so through OS X 10.10.5.
https://www.techspot.com/news/61623-privilege-escalation-bug-mac-os-x-1010-currently.html
