OS X Zero-Day Exploit Leaves Mac Users Vulnerable to Hackers

Apple users have largely skirted the bugs, viruses and other malicious software that plague Microsoft Windows and Google's Android. But this flaw in Apple's OS X is serious enough to sound the alarm.

The big problem began when German security researcher Stefan Esser published details about a zero-day vulnerability in OS X without telling Apple first. It's no surprise, then, that bad actors moved quickly to exploit the flaw.

Adam Thomas, a researcher at security firm Malwarebytes, just discovered the first-known exploit of the Yosemite zero-day vulnerability. It's an adware installer that, while Thomas was testing it, modified a file that controls who can run what commands on a machine.

The Sudoers File

"For those who don't know, the sudoers file is a hidden Unix file that determines, among other things, who is allowed to get root permissions in a Unix shell, and how," said Thomas Reed, director of Mac Offerings at Malwarebytes. "The modification made to the sudoers file, in this case, allowed the app to gain root permissions via a Unix shell without needing a password."

Reed said the script that exploits the DYLD_PRINT_TO_FILE vulnerability is written to a file and then executed. In stealth-mode style, part of the script involves deleting itself when it's finished. Still, the real genius of the script is how it modifies the sudoers file.

"The change made by the script allows shell commands to be executed as root using sudo, without the usual requirement for entering a password," Reed said. "Then the script uses sudo's new password-free behavior to launch the VSInstaller app, which is found in a hidden directory on the installer's disk image, giving it full root permissions, and thus the ability to install anything, anywhere."
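A defender's check for the kind of sudoers change Reed describes, as an added example that is not from the article or from Malwarebytes: it scans sudoers text for rules that let sudo run without a password. The sample file and the users alice and bob are constructed for illustration; on a Mac the real file is /etc/sudoers.

```python
import re

# Constructed sample (not from the article); alice and bob are made-up users.
SAMPLE_SUDOERS = """\
# sudoers file (constructed sample)
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
Defaults:bob \\
    !authenticate
#includedir /private/etc/sudoers.d
"""

NOPASSWD_RE = re.compile(r"\bNOPASSWD\s*:")
NOAUTH_RE = re.compile(r"^Defaults\S*\s.*!\s*authenticate\b")
INCLUDE_RE = re.compile(r"^[#@]include(dir)?\s+(\S+)")


def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        start = start or num
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()


def audit_sudoers(text):
    """Return (line, kind, entry) findings for password-free sudo rules."""
    findings = []
    for num, line in logical_lines(text):
        inc = INCLUDE_RE.match(line)
        if inc:  # '#include' is a directive, not a comment: review that path too
            findings.append((num, "include", inc.group(2)))
        elif not line or line.startswith("#"):
            continue  # blank line or ordinary comment
        elif NOPASSWD_RE.search(line):
            findings.append((num, "nopasswd", line))
        elif NOAUTH_RE.match(line):
            findings.append((num, "no-authenticate", line))
    return findings
```

Pass it the contents of a copy of the sudoers file, then repeat for any include path it reports, since rules stored there apply as well.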

Very Bad News

Reed called it what it is: very bad news. The worst part is that Apple has reportedly...
