Don't say we didn't warn you. Last month, you may recall that a security researcher discovered a nasty vulnerability in Mac operating systems that Apple steadfastly refused to patch. Now, cybercriminals have taken advantage of Apple's lassitude and developed at least one piece of malware that could compromise users' systems using a flaw that shows no sign of ever being fixed in Mac OS 10.10 Yosemite.
Malwarebytes, a security firm based in San Jose, California, shared the information on its Unpacked security blog. Adam Thomas, a Malwarebytes researcher, was picking apart an adware installer when he discovered something unusual: an attack that takes advantage of DYLD_PRINT_TO_FILE, the very environment variable that Stefan Esser discussed last month.
As a brief refresher, a savvy cybercriminal could abuse DYLD_PRINT_TO_FILE, an otherwise innocuous environment variable used for dynamic-loader error logging, to escalate his or her privileges. In practice, that means acting as an administrator on the affected computer, gaining access to any file, and installing whatever compromising software he or she desires.
The exploit that Thomas discovered targets the sudoers file, the Unix configuration file on Mac OS that dictates who may run commands with administrator rights. Using DYLD_PRINT_TO_FILE, the installer writes to that file so that administrator commands no longer require a password, which made it a ripe target for this kind of exploit. With that access, the attack installs VSInstaller, a collection of adware, malware and other sundry software that can really ruin your computer's day.
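Because the attack leaves its mark in the sudoers file, a simple defensive check is to audit that file for entries granting passwordless administrator access. The script below is an added example for this article, not code from Malwarebytes or from the VSInstaller write-up; the sudoers content it inspects is a constructed sample, and the function names are our own.

```shell
#!/bin/sh
# Added example: audit a sudoers file for NOPASSWD entries, the kind of
# change a sudoers-tampering attack leaves behind. The sample below is
# constructed for this demo and is not a real system file.

SAMPLE_SUDOERS='# constructed sample sudoers content
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
ALL ALL=(ALL) NOPASSWD: ALL
'

# suspicious_sudoers_lines FILE
# Prints every non-comment line that contains NOPASSWD.
# Exit status 0 if at least one such line exists, 1 otherwise (grep's status).
suspicious_sudoers_lines() {
    grep -v '^[[:space:]]*#' "$1" | grep 'NOPASSWD'
}

# count_suspicious FILE
# Prints the number of NOPASSWD lines found in FILE (0 when none).
count_suspicious() {
    suspicious_sudoers_lines "$1" | wc -l | tr -d ' '
}

# audit_sudoers FILE
# Returns 0 when FILE contains no passwordless entries, 1 when it does,
# printing the offending lines so an administrator can review them.
audit_sudoers() {
    n=$(count_suspicious "$1")
    if [ "$n" -eq 0 ]; then
        echo "OK: no NOPASSWD entries in $1"
        return 0
    fi
    echo "WARNING: $n NOPASSWD line(s) in $1:"
    suspicious_sudoers_lines "$1"
    return 1
}

# Demo against the constructed sample written to a temporary file.
# For a real audit run the script with root rights against /etc/sudoers.
tmp=$(mktemp)
printf '%s' "$SAMPLE_SUDOERS" > "$tmp"
audit_sudoers "$tmp" || true
rm -f "$tmp"
```

A NOPASSWD line is not always malicious (some administrators add one deliberately), so the script reports rather than removes; the point is that an entry such as `ALL ALL=(ALL) NOPASSWD: ALL`, which hands root to every local user without a password, should never appear unexpectedly.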
Right now, this exploit is piggybacking on adware, which most savvy users probably won't download anyway. But this is probably just the opening volley. Unless Apple patches this vulnerability on Yosemite operating systems, other opportunistic cybercriminals may take advantage of the same flaw and attack in subtler ways — like malvertising or convincing email scams.
Since Apple has not fixed the issue, those with Yosemite operating systems have little recourse except to be as careful as possible when downloading new files online (and, as explained above, this is a measure that may not work indefinitely). If your system can handle it, you may want to download the Mac OS 10.11 El Capitan beta; Apple was apparently aware of the flaw there, and saw no issue patching it for its latest OS.