Hackers exploit OS X zero-day vulnerability
The exploit takes advantage of a vulnerability in the handling of the DYLD_PRINT_TO_FILE environment variable in OS X 10.10.x, a variable normally used for error logging.
The attack exploits a flaw through which root permission is gained on the computer without any password being required. As of Monday, the previously vulnerable beta version of 10.10.5 appears to have been fixed.
Malwarebytes’ Reed said the attacks are troubling as there is now no fix for the vulnerability being targeted.
Hackers can modify the sudoers file, which determines, among other things, who is allowed to obtain root permissions in a Unix shell and how.
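One defensive check a Mac administrator could run after an incident like this, as an added example (not code from the article or from Malwarebytes): it scans a sudoers file for rules that hand out passwordless root and verifies the file's ownership and mode. The SAMPLE_SUDOERS content is constructed for illustration, not the modification shown in the article's screenshot.

```python
"""Audit a sudoers file for rules that grant root without a password.
Added example; SAMPLE_SUDOERS is a constructed stand-in, not the article's file."""
import os
import re
import stat

# Constructed sample: stock-looking rules plus one injected passwordless rule.
SAMPLE_SUDOERS = """\
# sudoers file.
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
ALL ALL=(ALL) NOPASSWD: ALL
"""

# <user|%group|+netgroup> <host>=(<runas>) [TAG:] <commands>
_RULE = re.compile(
    r"^(?P<who>[%+]?[\w.@-]+)\s+(?P<host>\S+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$"
)

def find_passwordless_entries(text):
    """Return (line_no, line) for NOPASSWD rules covering ALL commands, and for
    'Defaults !authenticate', which disables password prompts globally."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("Defaults"):
            if "!authenticate" in line:
                hits.append((n, line))
            continue
        m = _RULE.match(line)
        if not m:
            continue
        cmds = m.group("cmds")
        # Dangerous only when no password is needed AND every command is allowed.
        if "NOPASSWD:" in cmds and re.search(r"\bALL\b", cmds.split("NOPASSWD:", 1)[1]):
            hits.append((n, line))
    return hits

def check_sudoers_perms(path="/etc/sudoers"):
    """OS X ships /etc/sudoers as root:wheel, mode 0440; report deviations."""
    st = os.stat(path)
    problems = []
    if st.st_uid != 0:
        problems.append("owner is not root")
    if stat.S_IMODE(st.st_mode) != 0o440:
        problems.append("mode is %o, expected 440" % stat.S_IMODE(st.st_mode))
    return problems
```

Run `find_passwordless_entries(open("/etc/sudoers").read())` as root to audit a live system; a NOPASSWD rule limited to a single command is deliberately not flagged.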
“Basic security ‘hygiene’, including ensuring regular and prompt application of operating system and application updates; minimisation of the attack surface through removing unnecessary or high risk applications (eg Java, Flash); installation of basic security software (ie antivirus); and some user awareness of secure practices and behaviours in regard to email and internet usage, goes a long way to mitigating this or any security vulnerability.”
But in quick succession, two new serious vulnerabilities in OS X have introduced Mac malware back into the conversation. Apple will have to release a patch for OS X that addresses this bug, and there’s hope that the company will do so through OS X 10.10.5.
Researchers from anti-malware firm Malwarebytes said a new malicious installer is exploiting the vulnerability to surreptitiously infect Macs with several types of adware including VSearch, a variant of the Genieo package, and the MacKeeper junkware. Check out the attached screenshot to see how the sudoers file was modified by the adware installer.
The exploit allows the hackers to install software without the need for a password. Until Apple fixes the security flaw, here’s how you can protect yourself from malware and adware. Fortunately, a separate researcher had already discovered the issue and notified Apple, so the Mac maker wasn’t caught completely by surprise.
“Unfortunately, Apple has not yet fixed this problem, and now it is beginning to bear fruit”, Reed said.
Thames said that another Apple bug, Thunderstrike 2, which will be revealed at the Black Hat security conference in Las Vegas this week, is more concerning.
In related news, researchers Trammell Hudson and Xeno Kovah have demonstrated proof-of-concept malware that targets Apple firmware.