Apple to patch actively exploited privilege escalation bug in OS X 10.10.5 - report

Posted in macOS, edited August 2015
A recently-discovered flaw in Apple's desktop operating system that allows attackers to gain root-level access without requiring users' passwords will be reportedly be fixed in the final release of OS X 10.10.5, which is already in beta.




There is no word on exactly what steps Apple will take to mitigate the problem, or whether the company will issue security patches for older versions of OS X. The decision to include a patch in OS X 10.10.5 was first reported by The Guardian.

The privilege escalation bug, first discovered last week, lies in OS X Yosemite's error logging features. Specially crafted applications can use the flaw to modify OS X's sudoers file without asking the user for their password, in effect granting themselves root access.
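
As an added example (not from the article or from Apple), the script below audits a sudoers file for the kind of change described above: rules that let sudo run without a password prompt. The article does not say what the malicious application writes, so checking for the NOPASSWD tag and for `Defaults !authenticate` is an assumption about what to look for; `audit_sudoers`, `write_sample` and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: report sudoers entries that remove the password prompt.
# Output is one "KIND:LINE:TEXT" record per finding.
audit_sudoers() {
    awk '
    {
        if (!cont) start = NR
        line = $0
        # sudoers allows a trailing backslash to continue a rule on the next line.
        if (line ~ /\\$/) { sub(/\\$/, "", line); buf = buf line; cont = 1; next }
        rule = buf line; buf = ""; cont = 0
        gsub(/[ \t]+/, " ", rule); sub(/^ /, "", rule); sub(/ $/, "", rule)
        if (rule == "") next
        # #include and #includedir are directives, not comments: more files to audit.
        if (rule ~ /^[#@]include(dir)? /) { print "INCLUDE:" start ":" rule; next }
        # A leading # followed by digits is a numeric user ID, not a comment.
        if (rule ~ /^#/ && rule !~ /^#[0-9]+ /) next
        # Defaults !authenticate switches the password prompt off.
        if (rule ~ /^Defaults/ && rule ~ /!authenticate/) {
            print "NOAUTH:" start ":" rule; next
        }
        if (rule ~ /NOPASSWD *:/) print "NOPASSWD:" start ":" rule
    }' "$1"
}

# Constructed sample: a few ordinary entries plus lines the audit should flag.
write_sample() {
    cat > "$1" <<'EOF'
# sudoers file (constructed sample)
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# NOPASSWD: mentioned in a comment only
ALL ALL=(ALL) \
    NOPASSWD: ALL
#501 ALL=(ALL) NOPASSWD: /usr/bin/true
#includedir /private/etc/sudoers.d
Defaults !authenticate
EOF
}

# Demo run on the sample. The real file is readable only by root, so on a
# live system run audit_sudoers against a copy made with sudo.
tmp=$(mktemp) && write_sample "$tmp" && audit_sudoers "$tmp"; rm -f "$tmp"
```

Any file or directory reported as INCLUDE needs the same audit, since rules placed there apply just as if they were in the main file.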

At least one malware creator is already exploiting the bug in the wild. The malicious application installs adware VSearch and Genio alongside the much-maligned MacKeeper app.

A second vulnerability -- dubbed Thunderstrike 2 -- that allows Thunderbolt devices to help spread a worm which lets attackers overwrite a Mac's firmware was reportedly partially addressed in OS X 10.10.4.

Comments

  • Reply 1 of 16
    Is this just a Yosemite issue or does it go back further?
  • Reply 2 of 16
    lkrupp Posts: 10,557 member
    Quote:
    Originally Posted by TheWhiteFalcon

    Is this just a Yosemite issue or does it go back further?



    From what I’ve read it’s a Yosemite issue caused by the inclusion of new permissions code. The MacBreak Weekly podcast yesterday spent some time on this. This is not something that will automagically install itself on your system without your knowledge or interaction. You still have to click on something to install it. If you have Gatekeeper turned on and set to only allow software from the App Store and recognized developers (in other words signed code) you will have to override those protections to install it.

    This is of course a very serious flaw, not to be made light of, but it’s also not the apocalypse it’s made out to be by the paranoid crowd. Follow the rules of downloading and don’t download software from weird websites, porn sites, warez sites. Don’t download pirated versions of commercial software which is almost guaranteed to be loaded with malware. Well, you know the rules.

  • Reply 3 of 16
    dugbug Posts: 283 member
    mackeeper installed by malware who saw that coming :)
  • Reply 4 of 16
    solipsismy Posts: 5,099 member
    At least one malware creator is already exploiting the bug in the wild. The malicious application installs adware VSearch and Genio alongside the much-maligned MacKeeper app.

    I asked this and didn't get an answer. Even though the one known exploit in the wild just installs adware, there is no reason why this can't install backdoors, can't include access to your system and have it "phone home" to announce its presence. With this being exploitable via a URL, this is potentially very serious. If your system is compromised in 10.10.4, will installing 10.10.5 also resolve that, or will you also need to check your system up after the hole is patched?


    To check a system’s “sudoers” file, open the OS X Terminal and run the following command: sudo cat /etc/sudoers

  • Reply 5 of 16
    It's the apocalypse! Go offline immediately and stay off until it's fixed!
  • Reply 6 of 16
    bulk001 Posts: 748 member
    It's the apocalypse! Go offline immediately and stay off until it's fixed!
    It seems that LegbaCorp has found 5 vulnerabilities - 1 is fixed, 1 is partially fixed and the remaining 3 are still to be fixed. Sounds like some additional fixes are coming in the next release of El Cap. How serious the unpatched vulnerabilities are I don't know but Apple will no doubt get them fixed. Right now if you get the thunderbolt malware it does seem that reinstalling the OS or even the hard drive will not fix it as it attacks the firmware. If this had been Microsoft a few years ago, the howls of protest and derision on this forum would have been deafening. Now you get derided if you express any concern evidently.
  • Reply 7 of 16
    larz2112 Posts: 291 member
    Quote:
    Originally Posted by AppleInsider

    A recently-discovered flaw in Apple's desktop operating system that allows attackers to gain root-level access without requiring users' passwords will be reportedly be fixed in the final release of OS X 10.10.5, which is already in beta.

    The typo in the homepage teaser headline and first paragraph of this article will be reportedly be [sic] fixed when someone bothers to proofread the story.

  • Reply 8 of 16

    So is there any way to mitigate this in the meantime until patches are released, such as changing Gatekeeper to only allowing installs from the Mac App Store?

  • Reply 9 of 16

    It's also a pretty easy fix.  And a vulnerability that I'm surprised got introduced in the first place.

     

    They inserted a way for someone to write code into a file by using a logging variable right into the main loop of the code rather than through a function that has controls to look for badness.  By redoing the code to use that more protected function they can fix this.

     

    Was introduced in Yosemite when that environment variable was poorly implemented.  Code was not peer reviewed it seems to me.  Should have been caught.

     

    Still, I'm always impressed that people out in the wild take the time to find weaknesses like this.  Read the history of the person who found the Thunderstrike 2 vulnerability.  It's mind numbing.

  • Reply 10 of 16
    lostkiwi Posts: 639 member
    Did anyone read the Guardian article?
    It was almost shimmering with schadenfreude.
    They really betrayed their Fandroid bias in that article. BBC is also quite anti-Apple.

    Why do British media hate on Apple so much?
  • Reply 11 of 16
    scott6666 wrote: »
    It's also a pretty easy fix.  And a vulnerability that I'm surprised got introduced in the first place.

    They inserted a way for someone to write code into a file by using a logging variable right into the main loop of the code rather than through a function that has controls to look for badness.  By redoing the code to use that more protected function they can fix this.

    Was introduced in Yosemite when that environment variable was poorly implemented.  Code was not peer reviewed it seems to me.  Should have been caught.

    Still, I'm always impressed that people out in the wild take the time to find weaknesses like this.  Read the history of the person who found the Thunderstrike 2 vulnerability.  It's mind numbing.

    Poorly implemented and not reviewed covers Yosemite perfectly.
  • Reply 12 of 16
    singularity Posts: 1,328 member
    lostkiwi wrote: »
    Did anyone read the Guardian article?
    It was almost shimmering with schadenfreude.
    They really betrayed their Fandroid bias in that article. BBC is also quite anti-Apple.

    Why do British media hate on Apple so much?
    they don't
  • Reply 13 of 16
    solipsismy Posts: 5,099 member
    lostkiwi wrote: »
    Did anyone read the Guardian article?
    It was almost shimmering with schadenfreude.
    They really betrayed their Fandroid bias in that article. BBC is also quite anti-Apple.

    Why do British media hate on Apple so much?

    If you're a parent with two kids and one kid always fucks up, at some point you get so numb to their perpetually poor decisions that you become happy they simply aren't in jail and can hold a job for 3 months, but you're not really expecting much more out of them. But the other kid, the one that planned ahead and had a goal in mind, acted thoughtfully and responsibly toward others and life, you will probably get upset with them if they make a stupid mistake even if that mistake isn't really anything more than a hiccup with no real longterm consequences to their life's goals. You simply don't treat each kid the same way.
  • Reply 14 of 16
    thepixeldoc Posts: 2,257 member
    ^^^^ Clever analogy!

    Have yourself a couple 100 reputation up-votes and bonus 50 for not mentioning cars in the whole spiel :D
  • Reply 15 of 16

    "A second vulnerability — dubbed Thunderstrike 2 — that allows Thunderbolt devices to help spread a worm which lets attackers overwrite a Mac's firmware was reportedly partially addressed in OS X 10.10.4."

     

    So they closed the door but forgot to lock it?

  • Reply 16 of 16
    gatorguy Posts: 24,153 member
    This is dumb...
    Seems Oracle takes offense with security folks looking for holes and exploits in Oracle software. They even consider it illegal to do so! Very short-sighted...
    http://www.networkworld.com/article/2969773/oracle-pulls-blog-post-critical-of-security-vendors-customers.html