The vulnerability could allow attackers to install malware and adware on a target Mac running OS X 10.10 (Yosemite) without the victim ever being asked for an administrator password, a new report says.
The in-the-wild exploitation comes a little over a week after security researcher Stefan Esser disclosed a privilege-escalation zero-day in the latest version of Apple's OS X Yosemite. The flaw stems from DYLD_PRINT_TO_FILE, a new error-logging environment variable honoured by the dynamic linker dyld.
When they added support for the new variable, Apple's developers omitted a standard safeguard: the dynamic linker must ignore environment variables that name files when it is loading a setuid-root program, because the environment is under the unprivileged caller's control. Since DYLD_PRINT_TO_FILE was honoured regardless, a local attacker can make a setuid-root program open, and so create or overwrite, any file anywhere on the Mac's file system with root privileges.
OS X Zero-Day Exploit in the Wild
Now, security researchers at anti-malware firm Malwarebytes have spotted a malicious installer in the wild that exploits the zero-day to infect Macs with several adware families, including VSearch, MacKeeper and Genieo.
The installer's target is the sudoers file (/etc/sudoers), the configuration file that defines which users may run which commands as root through sudo, and whether they must authenticate first. By altering sudoers, the installer obtains root privileges without ever prompting an administrator for a password.
Malwarebytes' Adam Thomas spotted the abuse while testing a new adware installer.
"The script that exploits the DYLD_PRINT_TO_FILE vulnerability is written to a file and then executed," Malwarebytes researchers explain in a blog post. "Part of the script involves deleting itself when it's finished."
"The real meat of the script, though, involves modifying the Sudoers file. The change made by the script allows shell commands to be executed as root using sudo, without the usual requirement for entering a password."
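A sudoers rule that grants password-less root is the one durable trace the installer leaves behind, so it is worth checking for. The script below is an added example, not code from the Malwarebytes post, from the installer or from Apple: it lists every active sudoers rule carrying a NOPASSWD tag and counts them, and includes a self-check against two constructed sample files. The post does not quote the exact rule the installer writes; the tampered sample assumes the common "ALL ALL=(ALL) NOPASSWD: ALL" form.

```shell
#!/bin/sh
# Added example (not code from the Malwarebytes post or from the installer):
# audit one or more sudoers files for the indicator described above, a rule
# that lets sudo run commands as root without asking for a password.

# Print every active rule carrying a NOPASSWD tag as "file:line: rule".
# Lines starting with "#" are skipped; that includes "#include" and
# "#includedir" directives, so pass any included files explicitly
# (e.g. /etc/sudoers /etc/sudoers.d/*) to cover them as well.
nopasswd_rules() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join backslash continuations
              { line = buf $0; buf = "" }
        line ~ /^[ \t]*$/ { next }                         # blank line
        line ~ /^[ \t]*#/ { next }                         # comment or directive
        line ~ /NOPASSWD[ \t]*:/ { printf "%s:%d: %s\n", FILENAME, FNR, line }
    ' "$@"
}

# Number of such rules across the given files, for use in scripts.
count_nopasswd_rules() {
    nopasswd_rules "$@" | wc -l | tr -d ' '
}

# Constructed sample files (not taken from any real Mac) for a self-check.
# "$1" is "clean" or "tampered"; the path of the file written is printed.
# The assumed form of the installer's rule is "ALL ALL=(ALL) NOPASSWD: ALL".
write_sample() {
    f="$(mktemp)"
    cat > "$f" <<'EOF'
# sudoers file: who may run what, as whom, via sudo
Defaults    env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
EOF
    if [ "$1" = tampered ]; then
        printf 'ALL ALL=(ALL) NOPASSWD: ALL\n' >> "$f"
    fi
    printf '%s\n' "$f"
}

# With arguments: audit the named files (reading /etc/sudoers needs root).
# Without arguments: run the self-check against the two constructed samples.
if [ $# -gt 0 ]; then
    nopasswd_rules "$@"
    [ "$(count_nopasswd_rules "$@")" -eq 0 ] || echo "WARNING: password-less root rules present" >&2
else
    clean="$(write_sample clean)"
    bad="$(write_sample tampered)"
    echo "clean sample:    $(count_nopasswd_rules "$clean") rule(s)"   # 0
    echo "tampered sample: $(count_nopasswd_rules "$bad") rule(s)"     # 1
    nopasswd_rules "$bad"
    rm -f "$clean" "$bad"
fi
```

On a Mac the live file is /etc/sudoers, mode 0440, so the audit has to be run with sudo (or against a copy taken from the disk). A hit is not proof of this particular installer, since administrators do add NOPASSWD rules deliberately, but on a stock Yosemite system there should be none, and a rule granting ALL commands to ALL users is a strong sign the file has been tampered with.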
No Way Out for Mac Users
The zero-day flaw affects both the current stable release, OS X 10.10.4, and the recent beta build of OS X 10.10.5 (Yosemite).
Users running beta builds of OS X 10.11 El Capitan appear not to be affected.
Until Apple patches this critical issue, there is no good way to stop a malicious installer from gaining root on a Yosemite Mac, beyond an unofficial patch released by Esser himself. Since the exploit still needs the victim to run the installer, the practical defences in the meantime are to avoid software from untrusted sources and to check /etc/sudoers for rules that grant password-less root.
Esser is a respected security researcher, but installing a system patch from a third-party developer carries its own risk, so investigate the patch thoroughly before installing it.