A bug introduced in the most recent OS X update allegedly allows hackers to access unrestricted root user privileges, according to Ars Technica. This blunder on Apple’s part leaves a plethora of Mac users at risk to rootkits and other brands of persistent malware.
The bug, originally reported on Tuesday in a blog post written by security engineer Stefan Esser, serves as the exact type of security gap hackers usually exploit to circumvent security protections. Thanks to a clear flaw in the operating system’s code, however, now they don’t have to.
Related: 4 Men Arrested Over JPMorgan Chase Hacking Allegations
Recently, Microsoft had to issue a fix for bugs in its Windows operating systems that similarly exploited privilege elevations. These were due to an exploit found by Hacking Team, a Milan-based “offensive technology” company employed by governments around the world to deliver malware as a service. Hacking Team was also responsible for the recent exploits that targeted Adobe Flash, whose defenses have been strengthened as a result.
Esser writes that the privilege-escalation bugs found in OS X derive from a new features added in OS X 10.10 designed to log system errors. Developers at Apple, however, neglected to make use of the standard safeguards needed when amending the OS X dynamic linker dyld.
This oversight opens up the opportunity for hackers to initiate or produce files enabling root privileges. Files with such permissions can be dangerous and are able to be stored in any location within the OS X file system.
Related: 4.5 million patient records were accessed in UCLA hack
Additionally, Esser notes that “because the log file is never closed by dyld and the file is not opened with the close on exec flag the opened file descriptor is inherited by child processes of SUID binaries. This can be easily exploited for privilege escalation.”
Users of OS X 10.10.4 Yosemite and the beta version of the next update, 10.10.5, are at risk for the aforementioned vulnerability. The beta version of El Capitan, 10.11, on the other hand, is unburdened.
Esser supplemented his writings with a proof-of-concept exploit code showing how malware developers could elevate privileges without asking end-users for a password. Alternatively, developers of remote exploits whose applications typically carry out malicious code as a regular user rather than as root are also an increased risk.
Nonetheless, it wouldn’t be unusual to see Apple quietly patch this bug out in the coming weeks, as an Apple rep has already mentioned that its engineers are aware of Esser’s blog post.
- Two major security flaws in Adobe Flash and Windows found after Hacking Team leak
- Ransomware is the new hot threat everyone is talking about; what do you need to know?
- OS X 10.11 likely to have Control Center, new security scheme, and more
from Planet GS via John Jason Fallows on Inoreader http://ift.tt/1LEjDps
Gabe Carey
More Stories
‘My 401k Misses You’: Black Woman Pumped To Meet Donald Trump In Philadelphia – July 18, 2023 at 04:56PM
Energy Provider Warns of Impending ‘Crisis,’ ‘Blackout Conditions’ Driven By Biden Plans – July 18, 2023 at 04:20PM
Dog starts barking at cows crossing a bridge, so the cows stop to have a look. – July 17, 2023 at 02:27PM