A security researcher has discovered a critical vulnerability in the latest version of Apple's OS X Yosemite that could allow anyone to obtain unrestricted root user privileges with the help of code that fits in a tweet.
The privilege-escalation vulnerability, initially reported on Tuesday by German researcher Stefan Esser, could be exploited to circumvent security protections and gain full control of Mac computers.
The most worrying part is that this critical vulnerability is yet to be fixed by Apple in the latest release of its operating system.
The flaw could make it easier for hackers to surreptitiously infect Macs with rootkits and other types of persistent malware. It stems from an environment variable, DYLD_PRINT_TO_FILE, that Apple added to the code of OS X 10.10 Yosemite.
Apple Mac OS X Vulnerability Gives Full Control of your Mac
This environment variable specifies where in the file system the OS X dynamic linker, dyld, can log error messages.
However, the developers failed to apply the standard safeguards that are needed when adding support for new environment variables to dyld, allowing hackers to modify or create arbitrary files with root privileges.
"This is dangerous," Esser explained in a blog post, "because it allows to open or create arbitrary files owned by the root user anywhere in the file system. Furthermore, the opened log file is never closed and, therefore, its file descriptor is leaked into processes spawned by SUID binaries. This means child processes of SUID root processes can write to arbitrary files owned by the root user anywhere in the filesystem."
As a result, an attacker who exploits the flaw can easily escalate privileges on Yosemite, hijack your Mac and take control of your system.
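The two safeguards Esser's description says were missing, shown as an added C example (not Apple's dyld code and not Esser's SUIDGuard): a log path taken from the environment is ignored when the process runs with elevated privileges, and the descriptor is marked close-on-exec so child processes cannot inherit it. All function names and the sample path are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_CLOEXEC and O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* True when the process runs with more privilege than the invoking user
   (set-uid or set-gid execution). */
int running_privileged(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Pattern described above: the path is honoured unconditionally and the
   descriptor stays inheritable by every child process. */
int open_log_leaky(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0644);
}

/* Hardened form: refuse in a privileged process, never follow a symlink
   at the final path component, and close the descriptor on exec. */
int open_log_guarded(const char *path, int privileged) {
    if (privileged) {
        errno = EPERM;
        return -1;
    }
    return open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC,
                0600);
}

/* 1 if fd would stay open in a program started with exec, 0 if not, -1 on error. */
int fd_survives_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

int main(void) {
    const char *path = "/tmp/dyld_log_demo.txt";   /* constructed sample path */
    int leaky = open_log_leaky(path);
    int guarded = open_log_guarded(path, running_privileged());
    printf("leaky fd inherited across exec:    %d\n", fd_survives_exec(leaky));
    printf("guarded fd inherited across exec:  %d\n", fd_survives_exec(guarded));
    printf("guarded open in a set-uid process: %d\n", open_log_guarded(path, 1));
    if (leaky >= 0) close(leaky);
    if (guarded >= 0) close(guarded);
    unlink(path);
    return 0;
}
```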
Exploit Code Fits in a Tweet:
Below is the creepy root-level privilege-escalation exploit code that even fits in a tweet, devised yesterday by Redditor Numinit:
The vulnerability affects both the latest stable release of the Mac operating system, OS X 10.10.4 Yosemite, and the current beta version, OS X 10.10.5, meaning many people are affected by this vulnerability.
However, the current El Capitan beta version OS X 10.11 is not affected by the flaw, which indicates that the company may already be aware of the weakness.
How to Fix the Flaw?
Esser has developed a fix for this critical vulnerability, which you can download and install to protect your Mac until Apple releases an official patch to address the issue.
"Apple ships fixes for security in beta versions of future products, but does not fix current versions," Esser says.
Download Esser's SUIDGuard from GitHub now to fix the bug.