
In-the-wild attack exploits unpatched OS X zero-day vulnerability


steven36


Last month, security researcher Stefan Esser published details and proof-of-concept code of a zero-day vulnerability in OS X Yosemite that could allow a hacker to easily escalate their privileges, and take complete control over Mac computers.

Esser chose not to contact Apple about the DYLD_PRINT_TO_FILE vulnerability - which remains currently unpatched in OS X Yosemite, despite it curiously being fixed in the beta version of the next iteration of OS X, El Capitan.

Now, security firm Malwarebytes has discovered an in-the-wild attack exploiting the vulnerability, where root permission is gained on the computer without a password being needed.

According to the firm, the attack installs a version of the VSearch and Genio adware, alongside a copy of the controversial MacKeeper app.

The VSearch adware is frequently hidden within installers for bogus video streamers. Once it has got its claws into your Mac, you will find yourself pestered by pop-up adverts and find your online searches redirected to a different search engine to generate revenue for the attackers.

As a final flourish, according to Thomas Reed of Malwarebytes, who analysed the latest attack, users are being directed to an app called Download Shuttle in the Mac App Store.

Download Shuttle on the Mac App Store. Source: Malwarebytes

It's worrying to see the vulnerability is now being exploited by bad guys, and the lack of response so far from Apple as to how they expect Yosemite users to protect themselves.

Right now, with no fix currently available from Apple itself, your best course of action may be to trust Stefan Esser - the same guy who made the vulnerability public in the first place.

Esser's firm SektionEins has released a kernel extension called SUIDGuard that protects computers from the threat. You can download its source code from GitHub.

For more information on the latest attack, check out Thomas Reed's post on the Malwarebytes blog.

Source
