OS X flaw leaves Macs vulnerable to attacks, no password required

The latest version of OS X contains a serious flaw that hackers can use to attack your computer without ever needing your password. The issue is around a hidden document — Sudoers — which is effectively a list of permissions as to which pieces of software are allowed to mess around with your computer. Unfortunately, a change to how Yosemite stores the list means that it’s now possible to add malware to the register. As such, it hasn’t taken long before hackers can take advantage of your computer’s unwitting hospitality to install crapware like VSearch and MacKeeper.

The vulnerability was discovered by old-school iOS jailbreaker Stefan Esser who, according to MalwareBytes, is accused of publicly revealing the flaw before telling Apple. That’s a big faux pas in the security community, with Google going toe-to-toe with Microsoft about revealing as-yet un-patched flaws that have a real risk of harming users.

Esser has offered-up his own kernel extension that could protect your machine against such attacks, which can be downloaded here. As Ars Technica says, however, installing a patch that didn’t come from the original developer can be a risky business and you should do so only if you know what you’re doing. Naturally, we’ve reached out to Apple in the hope of getting some official comment on when a patch will be released, but the company had yet to respond at the time of publication.

Filed under:


Via: Ars Technica, AppleInsider

Source: MalwareBytes, GitHub

Tags: apple, Flaw, Malware, OSX, Security

from Engadget Full RSS Feed http://ift.tt/1P2Rk44
via www.EliteLimo.co

The post OS X flaw leaves Macs vulnerable to attacks, no password required appeared first on Elite Limo Blog.

from Elite Limo Blog http://ift.tt/1Im4S6d
via http://ift.tt/1cgcX3j


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s