The latest version of OS X ships with a new bug that attackers can exploit to install all sorts of malware on your Mac, without knowing your password.
The bug is in a new OS X feature for logging errors from the dynamic linker (dyld). The feature is controlled by an environment variable, and because the variable is honored even when a setuid root program is launched, an ordinary user can point the log at any file on disk and have it created or written with root privileges.
All About The Latest OS X Vulnerability
In a recent blog post, anti-malware company Malwarebytes described the problem, stating that it is related to the sudoers file, which “is a hidden Unix file that determines, among other things, who is allowed to get root permissions in a Unix shell, and how.”
The adware modified that file, and, as the author explained, this modification “allowed the app to gain root permissions via a Unix shell without needing a password.”
Since the bug is in the current version of OS X (10.10.4), a lot of users are at risk. On the other hand, the bug is not present in the beta of 10.11, which suggests that Apple knew about the problem and is working on a fix.
So what exactly is this vulnerability and how does it work?
The exploit is named after the environment variable it abuses, DYLD_PRINT_TO_FILE, which tells the dynamic linker where to write its log output. OS X 10.10 did not strip this variable when launching setuid root binaries such as newgrp, so the linker opens whatever file the attacker names with root privileges and leaves that file descriptor (number 3 in the command below) open in the shell newgrp spawns. Anything the shell writes to that descriptor lands in the root-owned file.
That means a vulnerable Mac can be turned into a beachhead for adware, and an adware installer has already been seen doing exactly this. The vulnerability has been patched in both the OS X 10.11 El Capitan beta and the OS X 10.10.5 beta; however, the former will not be released until sometime this fall.
This is what the infecting command looks like. It appends a line to /etc/sudoers granting the current user passwordless sudo, then opens a root shell:
echo 'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp; sudo -s
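The article does not say how to tell whether a Mac has already been hit. The line the command above writes into /etc/sudoers is the durable indicator, so here is an added example (not Malwarebytes' or Apple's code) that parses a sudoers file and flags any principal other than root that is granted ALL=(ALL) NOPASSWD:ALL. The sample sudoers content is constructed for the example and modelled on a stock OS X file with the injected line appended; the parser handles the common single-line user specification form, which is an assumption about your file's layout (Defaults, aliases and include directives are skipped, line continuations are not handled).

```python
"""Audit a sudoers file for the passwordless root grant that the
DYLD_PRINT_TO_FILE exploit appends.

Added example for this article, not Malwarebytes' or Apple's code.
Assumption: single-line user specifications, no line continuations.
"""
import re
import sys

# <principal> <host> = [(<runas list>)] [TAG: ...] <command list>
USER_SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$"
)
# Leading tags (NOPASSWD:, PASSWD:, SETENV:, NOEXEC:, ...) before the commands
TAGS = re.compile(r"^(?P<tags>(?:[A-Z]+:\s*)+)?(?P<cmds>.*)$")

# Directive lines that are not user specifications; checked before the
# generic "#" comment test because #include/#includedir start with "#".
SKIP_PREFIXES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias",
                 "Cmnd_Alias", "#include", "#includedir",
                 "@include", "@includedir")

# Constructed sample: stock-looking OS X sudoers with the exploit's line appended.
SAMPLE = """\
# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# Line written by the exploit's echo ... >&3 (constructed for this example)
alice ALL=(ALL) NOPASSWD:ALL
"""


def parse_sudoers(text):
    """Return the user specifications in `text` as a list of dicts."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        if line.startswith("#"):
            continue  # plain comment
        m = USER_SPEC.match(line)
        if not m:
            continue
        t = TAGS.match(m.group("rest"))
        tags = set(re.findall(r"[A-Z]+(?=:)", t.group("tags") or ""))
        # sudoers runs commands as root when no (runas) list is given.
        runas = [r.strip() for r in (m.group("runas") or "root").split(",")]
        entries.append({
            "who": m.group("who"),
            "host": m.group("host"),
            "runas": runas,
            "tags": tags,
            "cmds": t.group("cmds").strip(),
        })
    return entries


def passwordless_root_grants(entries):
    """Entries letting a principal other than root run anything as root with no password."""
    return [
        e for e in entries
        if e["who"] != "root"
        and "NOPASSWD" in e["tags"]
        and e["cmds"] == "ALL"
        and any(r in ("ALL", "root") for r in e["runas"])
    ]


def audit(text):
    """Principals in `text` that carry the exploit's signature grant."""
    return [e["who"] for e in passwordless_root_grants(parse_sudoers(text))]


if __name__ == "__main__":
    # Pass a path (normally /etc/sudoers, readable only as root) or audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            content = f.read()
    else:
        content = SAMPLE
    hits = audit(content)
    if hits:
        print("passwordless root grants found for:", ", ".join(hits))
    else:
        print("no passwordless root grants found")
```

Run it as root against /etc/sudoers; on the constructed sample it reports alice. A clean result only means this indicator is absent, not that the underlying bug is patched, so it complements, rather than replaces, installing 10.10.5.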
Since the issue made waves in the IT community, Apple quickly moved to revoke the developer certificate the adware installer was signed with. What this means is that Gatekeeper (Apple's mechanism for blocking untrusted programs) will refuse to launch it.
The company is also updating OS X's built-in anti-malware definitions (XProtect), so that the known installer will be blocked as soon as it is downloaded or launched.
Gatekeeper is an important safeguard in a situation like this one: once Apple revokes a Developer ID certificate, Gatekeeper refuses to launch anything signed with it, which keeps Macs safer while Apple finishes the patch. The caveat is that revocation only covers that certificate. The bug itself is unchanged, so a fresh installer signed with a different certificate, or an unsigned one that a user allows past Gatekeeper, can still use it.
With the expected release of OS X El Capitan, System Integrity Protection will add another layer. It limits what even a root process can modify on disk and, for protected system binaries, blocks the kind of environment-variable injection into the dynamic linker that this exploit relies on.
Apple is also encouraging customers to use the Mac App Store as the only source for apps, since every app there is reviewed before it is published.
How will this vulnerability affect you?
Though it can cause you real problems if you're running OS X 10.10.4, the DYLD_PRINT_TO_FILE bug isn't quite as serious as you might fear.
Because Apple promptly revoked the adware's certificate, the known installer can no longer run, but the underlying bug stays open until the patch (10.10.5) is installed.
So even though there's no reason to panic, you should still be wary of downloading software from sites you don't trust or from email attachments. That is something you should do at all times; it will keep this, and the next piece of malware circulating on the internet, from causing you any trouble.