Now they're playing with the sudoers file

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
559
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
I thought the code drop was a patch for the vulnerability.

It seems unclear as to whether Esser, the discoverer of the exploit, told Apple first. If he did, and gave them time, shame on Apple. If he didn't, shame on him.
 
OP
cradom
Joined
Feb 14, 2004
Messages
4,781
Reaction score
166
Points
63
Location
Groves, Texas
It was my understanding he disclosed it first, before he told Apple. And then he came out with software to check/disable the flaw?
Not gonna download that one, no sir. I understand Apple's...um....peeved.
 

vansmith

In that case, yeah, that was a bad move. If a company does nothing? They're fair game. If a company doesn't know, they're not fair game and if you actually cared, you'd divulge things first.

Apparently the issue is non-existent in 10.11 so I guess we'll all have a fix in two months or so.
 

chas_m

Guest
It is also fixed in the betas for 10.10.5.

Not noted in most of the reporting on this is that you have to actually install this malware yourself, meaning you must provide your admin password. Only then can it escalate its privileges by using the error-reporting flaw. Whereupon -- it must be said -- it wastes an enormous opportunity for harm and instead simply installs a bunch of adware/junkware that is fairly easily removed (thanks to AdwareMedic/Malwarebytes). Apple is very very likely to update XProtect for older versions of Yosemite after 10.10.5 is out, but my understanding is that the flaw is limited to Yosemite, since it was introduced in the change to Yosemite's error reporting.
 
