Now they're playing with the sudoers file

cradom
08-05-2015, 10:09 AM
https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-in-the-wild/
https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html

Unfortunately I think they published the code...

vansmith
08-05-2015, 12:13 PM
I thought the code drop was a patch for the vulnerability.

It seems unclear as to whether Esser, the discoverer of the exploit, told Apple first. If he did, and gave them time, shame on Apple. If he didn't, shame on him.

cradom
08-05-2015, 12:20 PM
It was my understanding he disclosed it first, before he told Apple. And then he came out with software to check/disable the flaw?
Not gonna download that one, no sir. I understand Apple's...um....peeved.

vansmith
08-05-2015, 03:56 PM
In that case, yeah, that was a bad move. If a company does nothing? They're fair game. If a company doesn't know, they're not fair game and if you actually cared, you'd divulge things first.

Apparently the issue is non-existent in 10.11 so I guess we'll all have a fix in two months or so.

chas_m
08-06-2015, 03:39 AM
It is also fixed in the betas for 10.10.5.

Not noted in most of the reporting on this is that you have to actually install this malware yourself, meaning you must provide your admin password. Only then can it escalate its privileges by using the error-reporting flaw. Whereupon -- it must be said -- it wastes an enormous opportunity for harm and instead simply installs a bunch of adware/junkware that is fairly easily removed (thanks to AdwareMedic/Malwarebytes). Apple is very very likely to update XProtect for older versions of Yosemite after 10.10.5 is out, but my understanding is that the flaw is limited to Yosemite, since it was introduced in the change to Yosemite's error reporting.