August 5, 2015 at 6:21 am #4734
Apple Mac OS X Yosemite has a serious zero-day vulnerability that is still unpatched in its latest update. Security researcher Stefan Esser found a privilege escalation zero-day exploit in OS X Yosemite 10.10.4, which also works on the beta build of OS X 10.10.5.
If you are running OS X 10.11 El Capitan, you are safe. This zero-day privilege escalation bug doesn't affect Mac computers running the latest beta version of OS X El Capitan.
What are the problems?
The vulnerability allows hackers to install malware, spyware and adware onto a target Mac computer running a vulnerable version of OS X, which is what most Macs across the world are running today. If a hacker successfully exploits this bug, it is possible to access the entire Mac hard disk and user data without entering a password.
How does it work?
The possible vulnerable points are OS X Yosemite's dynamic linker, dyld, and its DYLD_PRINT_TO_FILE environment variable, which adds an error-logging feature to OS X; these allow hackers to gain root access to the Mac system. On Unix computers, the sudoers file controls who has root privileges and permission to access the Unix shell. Hackers modify the sudoers file with a script so that an app can gain root privileges without entering a password.
At the end of its execution, the script deletes itself to remove all traces.
Once the script has finished executing, hackers are able to run commands in the Unix shell with root permissions.
Apple has already been notified by security researcher Stefan Esser, and we expect Apple to release an update within a month. Thanks for reading and have a wonderful day.
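A defensive check for the sudoers tampering described above, added here as an example (it is not from the original post or from Stefan Esser's research): it scans sudoers text for rules that grant root without a password. The sample file, function names and severity labels are assumptions, and the parser covers only a simplified subset of sudoers syntax.

```python
import re

# Constructed sample (not from the post): a stock-looking sudoers file with
# one scoped passwordless rule and one blanket rule split across two lines.
SAMPLE_SUDOERS = """\
# sudoers file (constructed sample)
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: /usr/sbin/softwareupdate
ALL     ALL=(ALL) \\
        NOPASSWD: ALL
"""

def logical_lines(text):
    """Yield (first_line_number, rule): continuations joined, comments removed."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        start = start or n
        if line.endswith("\\"):          # backslash continues the rule
            buf += line[:-1] + " "
            continue
        # '#' starts a comment unless it is #include/#includedir or a #uid
        rule = re.sub(r"#(?!include|\d).*", "", buf + line).strip()
        if rule:
            yield start, rule
        buf, start = "", None

def audit_sudoers(text):
    """Return (line, who, severity) for every rule carrying a NOPASSWD tag."""
    findings = []
    for n, rule in logical_lines(text):
        if rule.startswith(("Defaults", "#include")) or rule.split()[0].endswith("_Alias"):
            continue
        m = re.match(r"(\S+)\s+[^=]+=\s*(.*)", rule)
        if not m or not re.search(r"NOPASSWD\s*:", m.group(2)):
            continue
        who = m.group(1)
        tail = re.split(r"NOPASSWD\s*:", m.group(2), maxsplit=1)[1]
        granted = [c.strip() for c in tail.split(",")]
        # Passwordless ALL, or a rule that applies to every user, is a blanket grant
        severity = "high" if "ALL" in granted or who == "ALL" else "review"
        findings.append((n, who, severity))
    return findings

if __name__ == "__main__":
    for line_no, who, severity in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {line_no}: {who} has a NOPASSWD rule [{severity}]")
```

To audit a real system, pass the contents of the sudoers file (readable only by root) to `audit_sudoers` and compare the findings against a known-good baseline.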