So much for the unhackable Mac: Root exploit hits the wild with no fix in sight

restore a Mac to factory settings

There’s a common misconception that Macs aren’t susceptible to any sort of malware or virus, but if evidence of exploits in the past hasn’t convinced you that isn’t the case, this news from Malwarebytes might. A recently discovered exploit, known by the file that makes it possible, DYLD_PRINT_TO_FILE, allows attackers to use the error reporting system within Mac OS X to create a file with root privileges. Once software has access to your root, it can manage every aspect of your system from installing malicious applications to locking you out entirely.

Fortunately, the practical example of the exploit is a bit less sinister than that. By modifying the sudoers file, the file which contains the list of users that have root privileges, the software can erase the evidence of the exploit and will still have root privileges. From there, it silently uses an app called VSInstaller to install adware called VSearch, Genieo, and MacKeeper, three different pieces of malicious software, then launches an app store page for a download manager called Shuttle.

Security researcher Stefan Esser and another researcher made the exploit known to Apple privately, and then publicly weeks ago, but as of yet Apple hasn’t made any indication that there’s a solution on the horizon. Some users have reported the exploit no longer works in the El Capitan beta, but that has more to do with revamped file permissions and a change to the error reporting software.

For now, if you want to ensure you’re protected from the DYLD_PRINT_TO_FILE exploit, your only option is to install Esser’s SUIDGuard and have faith that his software is trustworthy. As always, your best line of defense is to run anti-virus software on your Mac, and ensure that you’re only downloading files and software from trusted sources like Apple.