
Apple privilege escalating bug exploited in new adware installer
NewsPoster
MacNN Staff
Join Date: Jul 2012
Aug 4, 2015, 10:42 AM
 
A zero-day exploit disclosed last month, affecting only OS X Yosemite, has been found in the wild. It is being used by an adware installer and modifies the UNIX sudoers file, which determines who may obtain root privileges on the system, so that during installation an arbitrary process can be given root without a password.

The exploit still needs an installer of some sort, and the user must still give that installer permission to run. However, once the password for the original installer has been entered, the sudoers modification, made through the Apple-provided DYLD_PRINT_TO_FILE error-logging variable that the dynamic linker honours, needs no second or subsequent password. Apple has already fixed the bug in El Capitan betas.

The adware package examined by researchers at Malwarebytes installs the malware, then uses the sudo command, now free of any password requirement, to run a second installer that installs the Genieo adware and the MacKeeper package. It then downloads the Shuttle file download manager from the Mac App Store.

Apple's Gatekeeper settings by default disallow running software that is not from the Mac App Store or an identified developer, and an installer that makes system-wide changes must prompt for an administrator password. As always, MacNN recommends caution: know that your software comes from a trusted source before bypassing Apple's security checks to install it. A third-party mitigation for the exploit is available from the original researcher.
( Last edited by NewsPoster; Aug 4, 2015 at 01:00 PM. )
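As an added example (not code from the MacNN post, from Malwarebytes, or from the original researcher), here are the two checks a practitioner would want after reading the above: a scan of a sudoers file for the passwordless grant such an installer leaves behind, and a macOS-only probe for whether the local dynamic linker still honours DYLD_PRINT_TO_FILE inside setuid programs. Assumed: POSIX sh with awk; the probe relies on /usr/bin/sudo being setuid root and must be run as an ordinary non-root user. The two sudoers snippets are constructed samples, not copies of any real system's file.

```shell
#!/bin/sh
# Added example; not from the MacNN post, Malwarebytes or the original researcher.
# Assumes POSIX sh + awk. probe_dyld_print_to_file() is macOS-only and relies on
# /usr/bin/sudo being setuid root; run it as an ordinary (non-root) user.

# Constructed sample: a stock-looking sudoers file.
SAMPLE_CLEAN='# sudoers (constructed sample)
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL'

# Constructed sample: the same file after an installer appended a passwordless grant.
SAMPLE_TAMPERED='# sudoers (constructed sample)
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
ALL ALL=(ALL) NOPASSWD:ALL'

# Check 1: print every non-comment sudoers line carrying a NOPASSWD tag, read
# from stdin. Exit 0 when at least one was found (grep convention), 1 otherwise.
# Usage: find_nopasswd_grants < /etc/sudoers
find_nopasswd_grants() {
    awk '
        /^[ \t]*#/ { next }                 # skip comments and #include directives
        /NOPASSWD[ \t]*:/ { print; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Check 2 (macOS only): does this dyld still honour DYLD_PRINT_TO_FILE for
# setuid programs? Point the variable at a path inside a directory we own and
# exec a setuid-root binary. A fixed dyld drops the variable for setuid programs
# and nothing appears. The vulnerable 10.10 dyld opens the file while the process
# already runs with root privileges, so a root-owned file appears even though no
# password was ever entered. Returns 0 if the bug is present, 1 otherwise.
# (Running this as root proves nothing: root can create the file anyway.)
probe_dyld_print_to_file() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/dyldprobe.XXXXXX") || return 2
    probe="$dir/probe.txt"
    # sudo -n never prompts; whether it refuses or runs /usr/bin/true does not
    # matter, dyld has already handled the variable before sudo's main() starts.
    DYLD_PRINT_TO_FILE="$probe" /usr/bin/sudo -n /usr/bin/true >/dev/null 2>&1 || :
    if [ -e "$probe" ] && [ "$(stat -f '%u' "$probe")" = "0" ]; then
        echo "VULNERABLE: setuid sudo created root-owned $probe via DYLD_PRINT_TO_FILE"
        rm -rf "$dir"
        return 0
    fi
    echo "not vulnerable: no root-owned file created"
    rm -rf "$dir"
    return 1
}

# Demonstration on the constructed samples (no privileges needed).
printf '%s\n' "$SAMPLE_TAMPERED" | find_nopasswd_grants >/dev/null && echo "tampered sample: NOPASSWD grant found"
printf '%s\n' "$SAMPLE_CLEAN" | find_nopasswd_grants >/dev/null || echo "clean sample: no NOPASSWD grant"

# The probe is opt-in because it only means anything on OS X 10.10:
#   RUN_DYLD_PROBE=1 sh this_script.sh
if [ -n "${RUN_DYLD_PROBE:-}" ]; then
    probe_dyld_print_to_file
fi
```

On a real machine run `find_nopasswd_grants < /etc/sudoers` (readable only as root, so via a sudo that still asks for a password) and treat any hit you did not put there yourself as a sign the installer described above has already run; the probe, by contrast, tells you whether the underlying dyld bug is still present, which is the thing the third-party mitigation and the El Capitan fix address.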
     
Paulrm
Fresh-Faced Recruit
Join Date: Aug 2001
Aug 4, 2015, 12:23 PM
 
Why am I not surprised that the MacKeeper software is mentioned here?
     
lkrupp
Forum Regular
Join Date: May 2001
Location: Collinsville, IL, USA
Aug 4, 2015, 12:38 PM
 
"The exploit still needs an installer of some sort, and still must be given permission to run by the user."

That's all you need to know, really. Just keep doing what you have been doing: don't download software from unknown websites, keep Gatekeeper turned on, be alert. Let the stupid die.
     
Mike Wuerthele
Managing Editor
Join Date: Jul 2012
Aug 4, 2015, 01:01 PM
 
The problem with that is, the "stupid" take the rest of us down too, sometimes. Educate the ill-informed, and the "community" is better for it.

Although, I would like tech writers for Reuters and whatnot to embed with specific places for a while, for less fear-mongering about stuff sometimes.
     
mgpalma
Forum Regular
Join Date: Sep 2000
Location: OR, USA
Aug 4, 2015, 01:28 PM
 
So to sum up, if I install this software and enter the required administrator password then I'm screwed? Who would have thought...

Duh, installing malicious software (or questionably downloaded) might result in something bad happening.
-
Michael
     
Charles Martin
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Aug 4, 2015, 03:20 PM
 
Here's a simple, quick guide to avoiding downloading any possible malicious software:

1. Stay off pirate sites.
2. The only truly safe Mac downloading sites are a) the developer's own site, b) the Mac App Store, and c) Macupdate.com. Well-known deal sites and storefronts are fine as well, but really avoid downloading Mac software from other sites.
3. Do not enter your admin password unless you are entirely sure and confident about why you need to do so.
Charles Martin
MacNN Editor
     
   
 
All contents of these forums © 1995-2017 MacNN. All rights reserved.