OS X Flaw Lets Hackers Install Malware without Need for System Passwords
Product security is one of the top priorities for every software company, but sometimes even minor flaws end up leaving systems vulnerable. We have seen that happen to Windows and Android before, and now OS X has joined the fold.
According to a new report, the latest version of OS X includes a serious flaw that hackers can use to install adware and malware onto a target Mac without requiring system passwords.
The issue centers on a hidden Mac file, Sudoers, which contains a list of software-related permissions, reports Malwarebytes. The malware installer gains root-level permissions by modifying Sudoers, leaving your Mac open to the installation of crapware like VSearch and MacKeeper.
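A defender can review the Sudoers file for rules that grant root access without a password. The script below is an added example, not code from the Malwarebytes report or from Apple; it assumes the unwanted change shows up as a rule carrying the sudoers `NOPASSWD` tag, and the sample file content and the user name `alice` are constructed.

```python
import re
import sys

# Constructed sample, not taken from the report: stock-style entries plus one
# passwordless rule split over two lines with a backslash continuation.
SAMPLE = """\
# sudoers file (constructed sample)
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# alice ALL=(ALL) NOPASSWD: ALL
alice ALL=(ALL) \\
    NOPASSWD: ALL
#includedir /private/etc/sudoers.d
"""

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", 0
    if buf:
        yield start, buf.strip()

def find_nopasswd_rules(text):
    """Return (line_no, principal, rule) for each active rule tagged NOPASSWD."""
    hits = []
    for no, line in logical_lines(text):
        # '#' opens a comment (include directives are skipped here too),
        # except '#<uid>', which names a user by numeric id.
        if not line or (line.startswith("#") and not re.match(r"#\d", line)):
            continue
        line = re.sub(r"\s#(?!\d).*$", "", line)  # drop a trailing comment
        if line.startswith("Defaults"):
            continue
        if re.search(r"\bNOPASSWD\s*:", line):
            hits.append((no, line.split()[0], " ".join(line.split())))
    return hits

if __name__ == "__main__":
    # No argument: scan the constructed sample. Otherwise scan the given file.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for no, who, rule in find_nopasswd_rules(text):
        print(f"line {no}: {who}: {rule}")
```

Any rule it reports that you did not add yourself deserves a closer look; reading the real Sudoers file requires root.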
The vulnerability was first uncovered by well-known iOS jailbreaker Stefan Esser, who is now being accused of publicly revealing the flaw before telling Apple.
Esser said the vulnerability is present in Apple’s current OS X 10.10.4 and beta versions of OS X 10.10.5, though he recently tweeted that the latest OS X beta version is no longer vulnerable to the exploit.
Esser has offered up his own kernel extension that could protect your Mac until Apple releases an official fix. However, researchers recommend that you install the patch only if you know what you’re doing; otherwise it can be a risky business.
It’s currently not known when Apple will release a patch, but considering that the vulnerability is very serious, it shouldn’t take long to fix.