Slashdot Mirror


OS X Bug Exploited To Infect Macs Without Need For Password

An anonymous reader writes: A new flaw has been discovered in the latest version of OS X which allows hackers to install malware and adware onto a Mac without the need for any system passwords, researchers say. The serious zero-day vulnerability was first identified last week and results from a modified error-logging feature in OS X Yosemite which hackers are able to exploit to create files with root privileges. The flaw is currently found in the 'fully patched' OS X 10.10.4, but is not in the newest 10.11 El Capitan beta – suggesting that Apple developers were aware of the issue and are testing a fix.


  1. Also fixed in 10.10.5 by Anonymous Coward · · Score: 4, Informative

    It's also already fixed in the latest 10.10.5 beta.

    1. Re: Also fixed in 10.10.5 by Anonymous Coward · · Score: 2, Informative

      I just installed Win10 via upgrade and rather easily turned off almost all the reporting features within minutes from the control panel. I don't use their store and I login only with a local login and use Firefox. Win10 so far has been as good as Win7 and I haven't run into any of the Win8 issues. You sound like another Microsoft bandwagon hater. Years ago I learned to use the best tool for the job, maybe you should too.

    2. Re: Also fixed in 10.10.5 by perpenso · · Score: 5, Informative

      I just installed Win10 via upgrade and rather easily turned off almost all the reporting features within minutes from the control panel.

      You could have turned off the reporting from the installer by selecting the custom configuration option.

    3. Re: Also fixed in 10.10.5 by Penguinisto · · Score: 3, Informative

      What makes you think that MS will use Windows Update to change settings?

      Because they've done it before.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?

    4. Re:Also fixed in 10.10.5 by Ravaldy · · Score: 1, Informative

      But in a year, you'll have to pay for it

      It's free for life for all devices that already own Windows 7 or 8 and install it within the year. This is information right off their website. The cost to purchase after that is fairly nominal.

      all that adware and spyware will still be present and enabled by default,

      What malware? Please point me to concrete evidence of this as I have yet to see it.

  2. You mean this one? by complete+loony · · Score: 3, Informative

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.

  3. Better link by phantomfive · · Score: 5, Informative

    Here is a better link with more technical details.

    It's a privilege escalation exploit, so an attacker would already need shell access on your computer to get something done. Every OS has privilege escalation vulnerabilities, because it's much harder to close all the holes when you allow someone to execute arbitrary code on a system.

    That said, this is a particularly braindead bug from Apple, and it is worrisome because it shows they aren't thinking about security, or don't have proper processes in place to ensure the system stays secure. Their programmers should have known better than to create that kind of environment variable so lightly.

    --
    "First they came for the slanderers and i said nothing."

    1. Re:Better link by Dutch+Gun · · Score: 4, Informative

      Ugh, don't give this asshole more traffic. I think there's a reason few people are linking to his blog directly. He released the details of this bug without even attempting to contact Apple. When asked why he didn't do so, he replied "Why should I?" Later he states that "Responsible disclosure is simply a way of redirecting blame for a vulnerability from the vendor to the reporter." Right on his blog he's advertising his own presentations. Essentially, he's making news about this at the expense of user safety in order to promote himself and his services.

      A real piece of work.

      --
      Irony: Agile development has too much inertia to be abandoned now.

    2. Re:Better link by phantomfive · · Score: 3, Informative

      Last time I tried to report a bug to Apple through their bug tool, I got this error message. When I sent a message to the address in the error message, they responded, "please submit that bug through our error reporting tool." The initial bug I was trying to report still hasn't been fixed.

      This vulnerability is already being exploited in the wild. In that case, responsible disclosure means announcing it publicly, so people can defend themselves. And if Apple gave him as much trouble as they gave me, I don't blame him for not reporting the bug to them.

      --
      "First they came for the slanderers and i said nothing."

  4. Privilege escalation exploit change looks like this by CraigCruden · · Score: 4, Informative

    If you run "sudo cat /etc/sudoers" it will print out the file in question. The section normally looks like:

    # User privilege specification
    root ALL=(ALL) ALL
    %admin ALL=(ALL) ALL

    If it has been changed to include a new user or make changes at the end of any of the lines to add "NOPASSWD:ALL" then you have been affected:

    e.g.
    username ALL=(ALL) NOPASSWD:ALL
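A scripted version of the check CraigCruden describes, added here as an example and not the commenter's own code: it normalises a sudoers-format file, flags any NOPASSWD tag, and flags any user specification outside the stock root/%admin lines quoted above. The sample files are constructed; run it as root against /etc/sudoers to check a real system.

```shell
#!/bin/sh
# Added example (not the comment's own code): flag the sudoers change described
# above, i.e. a NOPASSWD tag or a user spec outside the stock list. Uses
# constructed sample files; run as root against /etc/sudoers on a real system.

# Stock privilege-specification lines quoted in the comment above.
EXPECTED_SPECS='root ALL=(ALL) ALL
%admin ALL=(ALL) ALL'
# Normalised user-spec lines: comments stripped, whitespace collapsed,
# Defaults and alias lines dropped.
sudoers_specs() {
    sed -e 's/#.*$//' -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' "$1" \
    | grep -E '^[^ ]+ [^ ]+=' \
    | grep -vE '^(Defaults|Cmnd_Alias|User_Alias|Host_Alias|Runas_Alias)'
}

# One line per suspicious spec; empty output means the file looks stock.
audit_sudoers() {
    sudoers_specs "$1" | while IFS= read -r line; do
        case "$line" in
            *NOPASSWD*) printf 'NOPASSWD tag: %s\n' "$line"; continue ;;
        esac
        # Any other spec not in the stock list, e.g. an added "username" line.
        if ! printf '%s\n' "$EXPECTED_SPECS" | grep -qxF -- "$line"; then
            printf 'unexpected spec: %s\n' "$line"
        fi
    done
}

# Number of findings, for scripting: 0 means nothing suspicious.
audit_finding_count() {
    audit_sudoers "$1" | awk 'END { print NR }'
}
# Constructed sample files: the stock layout and a tampered copy.
CLEAN_SUDOERS=$(mktemp)
cat > "$CLEAN_SUDOERS" <<'EOF'
# User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
EOF
TAMPERED_SUDOERS=$(mktemp)
cat > "$TAMPERED_SUDOERS" <<'EOF'
Defaults env_reset
# User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) NOPASSWD:ALL
username ALL=(ALL) NOPASSWD:ALL
EOF
audit_sudoers "$TAMPERED_SUDOERS"
```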

  5. "What Malware?" by tlambert · · Score: 3, Informative

    all that adware and spyware will still be present and enabled by default,

    What malware? Please point me to concrete evidence of this as I have yet to see it.

    I believe that's a reference to what they disable that used to work, and the bandwidth stealing.

    The things that get ripped out from under you are:

    (1) Windows Media Center
    (2) DVD Playback
    (3) Desktop gadgets
    (4) Preinstalled games (Solitaire, Minesweeper, Hearts; you have to purchase replacements)
    (5) USB Floppy drive support
    (6) The OneDrive application from Windows Essentials (it's replaced instead with the sync application)
    (7) Windows Updates are forced on you instead of being optional, unless you pay more for Pro or Enterprise

    We've seen this already with the consistent installation of the Windows 10 Update tray icon and application, even on Windows 7 and 8. This is particularly insidious, since the application runs in the background, and acts as a torrent style replication server as part of their Windows 10 content delivery network used for the updates. Basically, they are stealing bandwidth from you, even if you do not opt in for the update.

    Microsoft calls this "feature" Windows Update Delivery Optimization, and your computer is basically eating into your bandwidth cap, if you have one, since about July 29th when the update was released. This is enabled by default for the Home and Pro versions (but not Enterprise or Education, apart from the local network).

    To disable it, you have to go to the "Settings" / "Update & Security" / "Windows Update" / "Advanced Options" / "CHOOSE HOW UPDATES ARE DELIVERED", and then turn the "Updated from More than One Place" from "on" to "Off".

    And yeah, I think if something is eating into my bandwidth cap, it counts as "malware". The other problem is that it tends to monopolize upload bandwidth, which is usually asymmetric with download -- meaning that it eats all of your ability to ACK your full download bandwidth.

    The other thing that I'd count as "malware" is Wi-Fi Sense, which shares your Wi-Fi password with various email and social network contacts. But it doesn't allow you to pick and choose with which ones it's shared, so for every enabled network, it's "everyone on this social network in my contacts, not just family or close friends".... also: kinda not cool.

    Again: turn-offable, but on by default: "Windows Settings" / "Network & Internet" / "Change Wi-Fi settings" / "Manage Wi-Fi settings" then turn off all the items under Wi-Fi Sense. Then have Wi-Fi Sense (and JUST THAT) "forget the list of known networks".