Newly discovered bug could hand control of your Mac over to hackers

A bug introduced in the most recent OS X update allegedly allows hackers to access unrestricted root user privileges, according to Ars Technica. This blunder on Apple’s part leaves a plethora of Mac users at risk of rootkits and other brands of persistent malware.

The bug, originally reported on Tuesday in a blog post written by security engineer Stefan Esser, serves as the exact type of security gap hackers usually exploit to circumvent security protections. Thanks to a clear flaw in the operating system’s code, however, now they don’t have to.

Recently, Microsoft had to issue a fix for bugs in its Windows operating systems that similarly exploited privilege elevations. These were due to an exploit found by Hacking Team, a Milan-based “offensive technology” company employed by governments around the world to deliver malware as a service. Hacking Team was also responsible for the recent exploits that targeted Adobe Flash, whose defenses have been strengthened as a result.

Esser writes that the privilege-escalation bugs found in OS X derive from a new feature added in OS X 10.10 designed to log system errors. Developers at Apple, however, neglected to make use of the standard safeguards needed when amending the OS X dynamic linker, dyld.

This oversight lets attackers open or create files with root privileges. Files with such permissions can be dangerous, and they can be placed in any location within the OS X file system.

Additionally, Esser notes that “because the log file is never closed by dyld and the file is not opened with the close on exec flag the opened file descriptor is inherited by child processes of SUID binaries. This can be easily exploited for privilege escalation.”
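The close-on-exec behavior in that quote can be observed directly in C. This is an added example, not code from Esser's post or from dyld; the function names and the use of `/dev/null` as a stand-in for the log file are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open a stand-in "log file" (/dev/null, an assumption) with extra_flags,
 * fork and exec /bin/sh, and report whether the exec'd program still has
 * the descriptor. Returns 1 if inherited, 0 if closed, -1 on error. */
int fd_survives_exec(int extra_flags)
{
    int fd = open("/dev/null", O_WRONLY | extra_flags);
    if (fd < 0)
        return -1;

    char cmd[64];
    snprintf(cmd, sizeof cmd, "test -e /dev/fd/%d", fd);

    pid_t pid = fork();
    if (pid < 0) {
        close(fd);
        return -1;
    }
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127); /* exec itself failed */
    }

    int status = 0;
    waitpid(pid, &status, 0);
    close(fd);
    if (!WIFEXITED(status) || WEXITSTATUS(status) > 1)
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* Audit helper: 1 if fd would leak across exec (FD_CLOEXEC not set). */
int fd_is_inheritable(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : !(flags & FD_CLOEXEC);
}

int main(void)
{
    printf("plain open:     inherited = %d\n", fd_survives_exec(0));
    printf("with O_CLOEXEC: inherited = %d\n", fd_survives_exec(O_CLOEXEC));
    return 0;
}
```

A descriptor that is already open can be fixed after the fact with `fcntl(fd, F_SETFD, FD_CLOEXEC)`, which is what `fd_is_inheritable` lets you verify.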

Users of OS X 10.10.4 Yosemite and the beta version of the next update, 10.10.5, are at risk from the aforementioned vulnerability. The beta version of El Capitan, 10.11, on the other hand, is unaffected.

Esser supplemented his write-up with proof-of-concept exploit code showing how malware developers could elevate privileges without asking end users for a password. Alternatively, developers of remote exploits, whose applications typically carry out malicious code as a regular user rather than as root, also pose an increased risk.

Nonetheless, it wouldn’t be unusual to see Apple quietly patch this bug out in the coming weeks, as an Apple rep has already mentioned that its engineers are aware of Esser’s blog post.

Gabe Carey
Former Digital Trends Contributor
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…