News

Exploit for Mac OS X Critical Vulnerability Appears in the Wild

By admin
Spread the love

An exploit has surfaced that exploits a recently discovered security vulnerability in Mac OS 10.10. The vulnerability makes it possible to install software without the user’s consent.

The exploit takes advantage of a vulnerability discovered last month by security researcher Stefan Esser, Ars Technica reports. In Mac OS 10.10, Apple added a new environment variable, DYLD_PRINT_TO_FILE, to the dynamic linker, intended for logging information to a specific file. However, the variable was not added to the dynamic linker in the usual way, so it doesn’t check whether certain permissions are needed to open a chosen file.

Malwarebytes researchers discovered malware that modifies a system file so that it can install Vsearch adware without user consent. Although the vulnerability has already been patched in the beta versions of Mac OS 10.11, the vulnerability is still present in the latest beta of Mac OS 10.10.5.

On Monday, Wired reported on the new Thunderstrike 2 worm, a proof-of-concept that uses multiple vulnerabilities in Mac OS X to hide in the firmware. The two leaks are not related. Apple is said to have patched several vulnerabilities used by Thunderstrike 2 and the researchers will release more information at the Black Hat conference.

You might also like
News

Apple has been working on its own search engine for years. It’s called…

News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones