Number: IRCNE2015082603
Date: 2015/08/15
According to “cnet”, Apple has fixed a bug in its desktop operating system that could have given hackers access to the entire OS.
Released on Thursday, Mac OS X 10.10.5 resolves scores of holes and technical glitches. But one serious bug in particular was squashed along with the rest. Known as DYLD, this vulnerability in Apple's OS X was considered serious because it enables hackers to remotely run a program on a Mac using administrator rights, which opens up wide access to the entire operating system. The vulnerability had already been exploited "in the wild," or in the real world, according to the Guardian, with at least one adware installer taking advantage of it.
Apple's details on the bug fix, which is available for OS X Yosemite versions 10.10 through 10.10.4, said that with the vulnerability, "a local user may be able to execute arbitrary code with system privileges." Apple noted that the problem was due to a "path validation issue" in DYLD and that the issue was addressed through "improved environment sanitization."
The DYLD bug was first reported by security researcher Stefan Esser. In a tweet posted late Thursday, Esser said: "Hmm so Apple released 10.10.5 fixed some bugs and made another security problem worse than before." Esser didn't reveal which security problem was allegedly made worse. But he reportedly has advised Mac users not to uninstall his SUIDGuard kernel extension, which guards against attacks that take advantage of the DYLD hole, according to security news site SecurityWeek.
- 4