Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Apple privilege escalating bug exploited in new adware installer

Apple privilege escalating bug exploited in new adware installer
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Aug 4, 2015, 10:42 AM
 
A zero-day exploit revealed last month for only OS X Yosemite has been found in "the wild." The exploit is being seen in an adware installer, and modifies the "sudoers" UNIX file that determines who has root permission for the system, and during the installation process, can give root permission to an arbitrary process without needing a password.

The exploit still needs an installer of some sort, and still must be given permission to run by the user. However, following password entry for the original installer, the modification to the sudoers file by the Apple-provided error-logging DYLD_PRINT_TO_FILE routine does not require a second or subsequent password for modification. This has already been fixed in El Capitan betas.

The adware package tested by the researchers at Malwarebytes installs the malware, then uses the sudo command, now unrestricted by password requirements to run a second installer, which installs the Genieo adware, and the MacKeeper package. It then downloads the Shuttle file download manager from the Mac App Store.

Apple's Gatekeeper preferences are set by default to disallow installations, and require a user password for all such procedures. As with anything, MacNN recommends caution, and knowing that your software comes from a trusted source before bypass of Apple security methods for installation. A third party mitigation for the exploit is available from the original researcher.
( Last edited by NewsPoster; Aug 4, 2015 at 01:00 PM. )
     
Paulrm
Fresh-Faced Recruit
Join Date: Aug 2001
Status: Offline
Reply With Quote
Aug 4, 2015, 12:23 PM
 
Why am I not surprised that the MacKeeper software is mentioned here?
     
lkrupp
Forum Regular
Join Date: May 2001
Location: Collinsville, IL, USA
Status: Offline
Reply With Quote
Aug 4, 2015, 12:38 PM
 
"The exploit still needs an installer of some sort, and still must be given permission to run by the user."

That's all you need to know really. Just keep doing what you have been doing, don't download software from unknown websites, keep Gatekeeper turned on, be alert. Let the stupid die.
     
Mike Wuerthele
Managing Editor
Join Date: Jul 2012
Status: Offline
Reply With Quote
Aug 4, 2015, 01:01 PM
 
The problem with that, is the "stupid" takes the rest of us down too, sometimes. Educate the ill-informed, and the "community" is better for it.

Although, I would like tech writers for Reuters and whatnot to embed with specific places for a while for less fear mongering about stuff sometimes.
     
mgpalma
Forum Regular
Join Date: Sep 2000
Location: OR, USA
Status: Offline
Reply With Quote
Aug 4, 2015, 01:28 PM
 
So to sum up, if I install this software and enter the required administrator password then I'm screwed? Who would have thought...

Duh, installing malicious software (or questionably downloaded) might result in something bad happening.
-
Michael
     
Charles Martin
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Status: Offline
Reply With Quote
Aug 4, 2015, 03:20 PM
 
Here's a simple, quick guide to avoiding downloading any possible malicious software:

1. Stay off pirate sites.
2. The only truly safe Mac downloading sites are a) the developer's own site, b) the Mac App Store, and c) Macupdate.com. Well-known deal and storefronts are fine as well, but really avoid downloading Mac software from other sites.
3. Do not enter your admin password unless you are entirely sure and confident about why you need to do so.
Charles Martin
MacNN Editor
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 06:52 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,