No operating system exists without security flaws, but some manufacturers are more assiduous about patches than others. A potentially serious vulnerability found in Apple's OS X desktop operating system is getting patched out of the upcoming version, 10.11 El Capitan, but for now, it's still at large in the current version, 10.10 Yosemite, and the beta for the next Yosemite update suggests that the flaw isn't going anywhere.
Information about the vulnerability comes from Stefan Esser, a German researcher for SektionEins (SectionOne), a Cologne, Germany-based security firm. The flaw, found in the DYLD_PRINT_TO_FILE protocol, allows privilege escalation. While the flaw does not allow malefactors to hijack a system remotely, a cybercriminal who already has access to a Mac could use the flaw to pass him- or herself off as an administrator, with the power to install, delete or alter software.
Without getting too far into the technical weeds, the DYLD_PRINT_TO_FILE protocol, when working properly, allows Yosemite to write error logs to a new file. The trouble is that, due to changes introduced with Yosemite, DYLD_PRINT_TO_FILE now will accept set owner user ID (SUID) binary files, meaning that exploiters can use the protocol to gain access to root privileges on the system. (The flaw does not appear in earlier versions of OS X, including 10.8 Mountain Lion or 10.9 Mavericks.)
In layman's terms, a hacker armed with the right code and the right attack files could use this vulnerability to access just about any folder or directory on a Mac. Esser provides the full code on his blog post, although due to obvious security concerns, we will not republish it here.
Apple did not immediately respond to requests for comment.
Escalation-of-privilege bugs in operating systems are not unheard-of, but the odd part about this story is Apple's response. Esser noticed that the flaw functions in both the current version of Yosemite (10.10.4) and the beta version (10.10.5), but does not appear active in the working betas of Apple's next OS, El Capitan (10.11). This suggests that Apple is aware of the flaw, but has opted not to fix it in its current OS.
Esser provided his own unofficial patch for the vulnerability, which Yosemite users might be wise to install, since Apple has not shown any interest in fixing the problem yet. However, Esser pointed out on Twitter that installing the patch might create other security problems. To install Esser's patch, users have to adjust their security settings in a way that would make it very easy for less scrupulous unauthorized software to proliferate on their systems.
Now that the exploit is out in the open, it's not impossible that a cybercriminal might use it to attack Mac Yosemite users. In order to protect yourself, either download Esser's patch, download the El Capitan beta or do everything in your power to prevent attackers from hijacking your Mac in the first place. As always, an Internet security program is a good place to start, as is exercising common-sense Web safety.