Mac users are really not having a good week. Because hot off the heels of this exploit that at this point appears to be unstoppable, comes a new exploit that is very, very scary:
Adam Thomas, a researcher at Malwarebytes, discovered a new adware installer, and while testing it, he discovered something very strange: his sudoers file had been modified!
For those who don’t know, the sudoers file is a hidden Unix file that determines, among other things, who is allowed to get root permissions in a Unix shell, and how. The modification made to the sudoers file, in this case, allowed the app to gain root permissions via a Unix shell without needing a password.
In English, that means that this exploit can gain complete control over your Mac, allowing the attacker to do whatever they want. Now what’s really bad about this exploit is that it was disclosed without the person who found it telling Apple first and giving them a chance to fix it. That’s created the opportunity for bad guys to leverage this. Apple has since been notified but there is no fix for this at present. So, other than not downloading and installing software that randomly offers to install itself to your computer, there is no real way to protect yourself from this. That’s not good to say the least.
This is another example of Apple falling behind the security curve and bring into question their ability to be a reasonably secure computing platform. One wonders when they will get serious about security so that their users are safe when using their products.
UPDATE: I forgot to link to the original story where I first reported on this exploit.
Like this:
Like Loading...
Related
This entry was posted on August 4, 2015 at 9:29 am and is filed under Commentary with tags Apple, Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
New Mac Exploit Spotted In The Wild With No Way To Protect Yourself [UPDATED]
Mac users are really not having a good week. Because hot off the heels of this exploit that at this point appears to be unstoppable, comes a new exploit that is very, very scary:
Adam Thomas, a researcher at Malwarebytes, discovered a new adware installer, and while testing it, he discovered something very strange: his sudoers file had been modified!
For those who don’t know, the sudoers file is a hidden Unix file that determines, among other things, who is allowed to get root permissions in a Unix shell, and how. The modification made to the sudoers file, in this case, allowed the app to gain root permissions via a Unix shell without needing a password.
In English, that means that this exploit can gain complete control over your Mac, allowing the attacker to do whatever they want. Now what’s really bad about this exploit is that it was disclosed without the person who found it telling Apple first and giving them a chance to fix it. That’s created the opportunity for bad guys to leverage this. Apple has since been notified but there is no fix for this at present. So, other than not downloading and installing software that randomly offers to install itself to your computer, there is no real way to protect yourself from this. That’s not good to say the least.
This is another example of Apple falling behind the security curve and bring into question their ability to be a reasonably secure computing platform. One wonders when they will get serious about security so that their users are safe when using their products.
UPDATE: I forgot to link to the original story where I first reported on this exploit.
Share this:
Like this:
Related
This entry was posted on August 4, 2015 at 9:29 am and is filed under Commentary with tags Apple, Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.