A flaw present in Yosemite and discovered in recent weeks has already been exploited to create malicious installers that can escalate privileges and install software without the user's intervention.
A bug in the latest version of OS X offers a chance to gain unrestricted root privileges, making it easy to surreptitiously infect Macs with rootkits and other highly persistent malware.
The bug was discovered in recent weeks by security researcher Stefan Esser and results from new error-logging capabilities that Apple added to OS X 10.10. A suboptimal implementation of this functionality may allow attackers to open or create files anywhere in the OS X file system without having root privileges.
“This is obviously a problem, because it allows the creation or opening (for writing) of any file in the file system. This mechanism can be easily exploited for privilege escalation techniques,” Esser noted.
The vulnerability has already been exploited to create malicious installers that can install malware without asking the victim for the system password. The discovery was made by security company Malwarebytes in recent days: the installer is able to change the sudoers configuration file, a hidden file that determines who can obtain root permissions in a Unix shell, and how. The change means that the installer can obtain root permissions without requiring a password. In this case, the installer installs the adware VSearch and Genieo and the junkware MacKeeper.
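As an added example (not code from this article, Malwarebytes or Apple), the Python audit below flags sudoers entries that grant root without a password prompt, which is the effect of the change described above. The sample file, user names and function names are constructed; it assumes the change appears as a `NOPASSWD` tag or a `Defaults ... !authenticate` setting, which the article does not specify.

```python
import re

# Constructed sample sudoers content for illustration; not from a real system.
SAMPLE_SUDOERS = """\
root    ALL=(ALL) ALL
# alice ALL=(ALL) NOPASSWD: ALL
bob     ALL=(ALL) NOPASSWD: ALL
carol   ALL=(ALL) NOPASSWD: /usr/bin/true, \\
        /usr/sbin/softwareupdate
#501    ALL=(ALL) NOPASSWD: ALL
dave    ALL=(ALL) ALL   # formerly NOPASSWD: ALL
Defaults:erin !authenticate
#includedir /etc/sudoers.d
"""

def logical_lines(text):
    """Yield (first_line_no, text), joining backslash-continued lines."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def audit_sudoers(text):
    """Return (line_no, kind, rule) for entries that skip the password prompt."""
    findings = []
    for no, line in logical_lines(text):
        rule = line.strip()
        include = re.match(r"[#@]include(dir)?\s+(\S+)", rule)
        if include:  # rules can also live in included files: audit those too
            findings.append((no, "include", include.group(2)))
            continue
        # '#<digits>' at line start is a user ID; any other leading '#' is a comment
        if not rule or (rule.startswith("#") and not re.match(r"#\d+\s", rule)):
            continue
        # Drop a trailing comment (but not a '#<uid>') and collapse whitespace
        rule = " ".join(re.sub(r"\s+#(?!\d).*$", "", rule).split())
        if re.search(r"\bNOPASSWD\s*:", rule):
            findings.append((no, "nopasswd", rule))
        elif rule.startswith("Defaults") and "!authenticate" in rule:
            findings.append((no, "no-authenticate", rule))
    return findings

if __name__ == "__main__":
    print(*audit_sudoers(SAMPLE_SUDOERS), sep="\n")
```

Each `include` finding names a file or directory whose contents need the same audit, and comparing the results against a known-good baseline separates intended passwordless rules from unexpected ones.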
The vulnerability is present in Yosemite 10.10.4 and in the 10.10.5 beta. The beta version of El Capitan, by contrast, is safe, an indication that Apple developers may be aware of the vulnerability and may also be working to release a security update shortly.