OS X Yosemite Flaw Leaves Macs Open to Hacker Takeover

Status
Not open for further replies.

Haravikk

Honorable
Sep 14, 2013
21
0
10,560
FileVault 2, which is the version used on the affected OS X versions, won't prevent attackers from getting access to files as it uses full-disk encryption; so long as the system has started up the disk is effectively decrypted, at which point the root user can access any files it wishes. The only way to protect files further would be to use secure disk images, which is how FileVault 1 used to work, those introduce other headaches, but need to be mounted before they are decrypted, so as long as you only mount them when you need them they should be safe, or at least safer.

Using a separate admin/sudoer account is sound advice for every operating system; there's no reason to be in an account capable of elevating itself directly to root. Even if you're a developer you can sudo yourself via an admin account; it's only one extra step but is a lot better for security. It's also a good thing because it stops you doing stuff you may not realise has security implications, meanwhile an admin user may not get prompted while throwing files in vulnerable areas of the system.
 

Jill Scharr

Honorable
Jul 25, 2013
249
0
10,830
Hi Haravikk,
I'm the writer of the Yosemite flaw piece. You're absolutely right about FileVault. I recommended using FileVault in the piece, however, because Kvarnhammer (the researcher who discovered the flaw in the first place) recommended it. Kvarnhammer has more information about how this particular flaw works, so it's possible there's a specific reason why FileVault would in fact protect Macs from these kinds of exploits. In any case, using FileVault or any kind of full-disk encryption is usually just a good idea.
Thanks!
 

Sophia Hall

Estimable
Nov 8, 2014
1
0
4,510
Get best and discounts on Samsung Galaxy Note Edge and latest Android phones, visit >>>>> bestandroidphonedeals .com
 

falchard

Distinguished
Jun 13, 2008
421
0
18,930
There is an issue with the title of your article. It should read, "Another Mac OSX flaw allows hacker to take over." I think its pretty redundant to say that Macs are the least secure major OS. To my knowledge they are also slow in fixing already discovered security flaws.
 
Status
Not open for further replies.