Number: IRCNE2015082589
Date: 2015/08/05
According to “tripwire”, a security researcher has found the first known exploit of a zero-day vulnerability affecting Apple’s DYLD_PRINT_TO_FILE variable in the wild.
The vulnerability, which was first found by researcher Stefan Esser in July, involves the addition of DYLD_PRINT_TO_FILE as a new environment variable to the dynamic linker dyld. As of this writing, this variable does not come with certain safeguards and can therefore be exploited for privilege escalation attacks.
Since the time of the vulnerability’s discovery, Malwarebytes security researcher Adam Thomas has found a new adware installer that exploits this vulnerability and uses it to install unwanted programs including VSearch, a variant of the Genieo package, and the MacKeeper junkware.
The vulnerability affects Yosemite versions 10.10.4 and the beta of 10.10.5, though it does not appear to affect the 10.11 version of the Mac OS X 10.11 El Capitan builds.
Apple has not released a fix for the vulnerability yet. In the meantime, Esser has released SUIDGuard, a TrustedBSD Kernel Extension that is said to fix the vulnerability.
As always, users are urged to exercise caution when downloading anything from the web, even from a trusted security researcher.
- 11