Wednesday, August 05, 2015
Zero-day vulnerability in recent Mac OS 10 versions (to adware) getting attention of security researchers
OS 10.10 now is reported to have a “zero-day vulnerability” that would allow hackers to install adware without needing owner’s password approval. ArsTechnica has a story by Dan Goodin here. Some of this has to do with a “DYLD_PRINT_TO_FILE” exploit, a so-called “sudoers” hidden Unix or Linux file, blog post by Thomas Reed (and Adam Thomas).
It’s also unclear that existing security products could pick up this exploit. The vulnerability is said to live in 10.10.4 and in a beta version of 10.10.5.
It's interesting that more of these blog postings are showing snippets of deliberately "unsafe code".