OS X zero-day flaw: Mac owners having malicious software installed on Apple computers

A researcher made the vulnerability public without telling Apple — and it is now being used by hackers to install malicious software

Click to follow
The Independent Tech

Hackers are using a vulnerability in Apple Macs that can let anyone take control of a computer just by asking — and there's no good way that people can protect themselves.

The attack exploits the way that Macs give users permissions, which allow them to delete files and make changes to settings, among other things. It tricks computers into giving anyone the power to do so, letting hackers take over computers and delete files or use them for malicious purposes.

The vulnerability was made public last month, when a security researcher found it and wrote about it in a blog, without telling Apple to give it a chance to fix the problem. Now hacks that exploit the vulnerability to take over computers are being found in the wild, according to Malwarebytes.

The new exploit installs apps that take over the computer to install junk, ads and other malicious software.

Apple was made aware of the bug by another researcher, they have claimed.

The problem has already been fixed in the beta versions of Apple’s next operating system, El Capitan. But it remains in the current version of Mac OS, Yosemite, according to reports.

There is no way of protecting computers against the vulnerability, beyond installing software made available by Esser, the same researcher who made the information public and gave it to the hackers that are now exploiting it. As Malwarebytes points out, that situation “introduces some serious questions about ethics and conflict of interest”.

Users must go through a fairly complicated process to actually install the malware. Users must first download and then run the problem file, before clicking through the various warnings that are built into Macs so that apps can’t

But malicious software is often distributed through apparently innocent means like fake emails, so that people will download it. And the same bug could easily be used by somebody sat at the computer.

It is the second Apple security flaw to be found in recent days. The two problems are particularly surprising because Apple has long known to pride itself on the fact that its computers were much less vulnerable to such problems than PCs.

Comments