Wednesday, August 05, 2015

Zero-day vulnerability in recent Mac OS 10 versions (to adware) getting attention of security researchers


OS 10.10 now is reported to have a “zero-day vulnerability” that would allow hackers to install adware without needing owner’s password approval.  ArsTechnica has a story by Dan Goodin here. Some of this has to do with a “DYLD_PRINT_TO_FILE” exploit, a so-called “sudoers” hidden Unix or Linux file, blog post by Thomas Reed (and Adam Thomas).   

It’s also unclear that existing security products could pick up this exploit.  The vulnerability is said to live in 10.10.4 and in a beta version of 10.10.5.

It's interesting that more of these blog postings are showing snippets of deliberately "unsafe code". 

Apple (including personnel in stores) will have to start becoming more forthright on security vulnerabilities and on the expected security products and habits, as is already well known with PC’s.

No comments: