0-Day Bug Damage Macs Without Password Entry

August 4, 2015 at 1:50 pm By

Last week we reported on the 0-Day exploit that has found its way into the latest update of Apple’s OS X and the danger can be pretty substantial especially since the malware doesn’t need victims to enter their passwords.

“Developers didn’t use standard safeguards involving additions to the OS X dynamic linker dyld, a failure that lets attackers open or create files with root privileges that can reside anywhere in the OS X file system,” Arstechnica.

“On Monday, researchers from anti-malware firm Malwarebytes said a new malicious installer is exploiting the vulnerability to surreptitiously infect Macs with several types of adware including VSearch, a variant of the Genieo package, and the MacKeeper junkware.”

The ArstechnicaΒ report came with screenshots from Malwarebytes that shows the hidden Unix file that decides who has root permissions in the Unix shell according to the report. There is nothing that Mac users can do except be careful because the solution to the problem lies within Apple developers who are responsible for fixing the bug. There is however one risky patch that was developed by the researcher who stumbled upon the exploit.

Ars advised readers to strongly investigate Stefan Esser’s patch before installing it Esser is the man who found the security hole.

“Then again, navigating the Internet with a system known to be vulnerable to in-the-wild exploits is also risky.”Β 

From the sound of it the report is really telling users to be really careful with how they navigate or try to hold off until Apple developers develop a patch. There is no telling when the company will release a new updated version of the software with bug fixes.

Read the full story.