Status
Not open for further replies.

JM Safe

Level 38
Verified
Good day everyone.

Last week it was announced a vulnerability in OS X zero-day type without having previously warned Apple. Apparently the vulnerability has already been exploited by malware writers. Adam Thomas, a company researcher, has identified a Malwarebytes installer adware (applications that install software that make it appear ads) identifying changes to the sudoers configuration file, a hidden file in Unix that determines, among other things, some of the root permissions in Unix shell. The change to the sudoers file allows this case to give the app root permission without the user being prompted for a password.

The vulnerability involves the new recording system of error latest versions of OS X and specifically the DYLD_PRINT_TO_FILE function. Shows the script that you can install without adware password VSearch, a variant of Genieo (other adware) and redirect the user to a specific page on the Mac App Store. It also installed the junkware MacKeeper. But this is what is right now the script; technically once took control of the system, is able to install anything without password

The researcher who discovered the vulnerability had explained that this was present in OS 10.10.4 but not in the beta of the future OS X 10.11 El Capitan, a sign that Apple is probably aware of the problem. Should not be too complicated issue an update though now becoming urgent to do it since it has been demonstrated that in circulation there are already those who exploited the bug.

Continue to reading...

 
Status
Not open for further replies.