Mac malware using an exploit so small it fits in a tweet has been upgraded to avoid anti-virus checks.
The malware uses the patched OS X DYLD_PRINT_TO_FILE vulnerability that grants attackers root privilege escalation through trivial code.
The updated version will throw a fleeting installer request to access the OS X keychain and simulate a click on "allow" before the user can prevent the installation.
MalwareBytes researcher Thomas Reed said that this grants access to the Safari Extensions List, but could grant attackers access to iCloud accounts and other keychain data.
The malware uses the patched OS X DYLD_PRINT_TO_FILE vulnerability that grants attackers root privilege escalation through trivial code.
The updated version will throw a fleeting installer request to access the OS X keychain and simulate a click on "allow" before the user can prevent the installation.
MalwareBytes researcher Thomas Reed said that this grants access to the Safari Extensions List, but could grant attackers access to iCloud accounts and other keychain data.
