A recently-published exploit
that could allow attackers to gain unchecked root-level access, following the user initially installing it, has been patched in the forthcoming OS X 10.10.5 update, and in this fall's 10.11 El Capitan upgrade. The flaw, which was introduced in Yosemite's error-logging functions. Though widely reported as hair-on-fire dangerous, the exploit merely installs adware and junkware such as Genio and MacKeeper, and requires users to actively install it before it gains root privileges.
Despite being fairly low-risk in the wild due to the initial requirement of an admin password, Apple is highly motivated to update Yosemite to block the exploit, as other attackers could develop "trickware" that takes advantage of user naivety to trick users into installing the malware, which would then be in a position to do more serious damage. It's unclear but likely the company will also release a security patch to fix the flaw in earlier versions of Yosemite. Once the malware is installed, it no longer requires user passwords to install other software, but currently only installs annoying adware like VSearch rather than anything actually malicious.
Apple lists software job for more Android apps
A new want ad on Apple's website seeks engineers "to help bring exciting new mobile products to the Android platform," a startling change of heart by the company that has largely avoided helping or working with the rival mobile platform. Apple currently offers only two Android apps -- a program to help switchers change their data and settings over to an iPhone or other iOS device, and a still-supported (for now) version of Beats Music.
This fall, Apple will discontinue the Beats Music app, but will replace it with a new Apple Music app, offering Android users a chance to sign up for the subscription-based service, which offers a three-month free trial and then costs $10 per month, or $15 per month for a household that allows up to six individual accounts. The job listing could be referring to that future Apple Music app, which may or may not also offer iTunes functionality beyond that contained in the Apple Music service -- or could refer to a migration app to help Android-based Beats Music subscribers transition to the new service while retaining playlists, favorites and other settings.
Despite former CEO and co-founder Steve Jobs' vow to wage "thermonuclear war" on Android, which he considered "stolen" from both Apple and to a lesser extent Oracle's Java platform, current CEO Tim Cook has noted that he has "no religious issue" creating apps for the rival platform "if it made sense," which -- thus far -- appears to mean getting Android users to spend money buying into more comprehensive Apple services, or making it easier for them to switch to iOS and Mac products.