It is remarkable to see that AppleInsider writes a lengthy editorial blaming Google when a serious Android security flaw is discovered, but is much less responsive with a serious OSX security flaw.
Let me be clear: both flaws should not happen, but I expected some more honesty from AI. It is not because it is happening in OSX that security flaws become more acceptable.
This is as bad as it gets. This is not some garbage "attacker has to sneak over to your machine while you are on break and you left the machine with a root shell running" kind of attack. I verified the hack as well. It is very real and extraordinarily dangerous. Let's see how fast Apple can react in a real emergency.
I read somewhere on the net that you still need to introduce it into a Mac either through phishing, a USB device or an ethernet connection.
Hackers are exploiting a serious zero-day vulnerability in the latest version of Apple's OS X so they can perform drive-by attacks that install malware without requiring victims to enter system passwords, researchers said.
On Monday, researchers from anti-malware firm Malwarebytes said a new malicious installer is exploiting the vulnerability to surreptitiously infect Macs with several types of adware including VSearch, a variant of the Genieo package, and the MacKeeper junkware.
You first have to download a dodgy installer from a dodgy source, ignoring warnings in the browser.
Then run dodgy installer.
Then you must ignore all the warnings about this.
Then you must bypass Gatekeeper, which most people have on.
Then you might get this.
Are you assuming that you'll get warnings about it and that you must actively bypass gatekeeper or did you find details that haven't been widely reported yet? Serious question.
Apparently it was reported to them some time ago according to the article link so they've had time to work it out. Perhaps they were caught by surprise when the security flaw made it into the wild and actively exploited, thinking they had some more time before the patch needed to be delivered. Dunno. No doubt Apple will have it out in short order now. By next month this will probably be an old story.
Quote:
This is as bad as it gets. This is not some garbage "attacker has to sneak over to your machine while you are on break and you left the machine with a root shell running" kind of attack. I verified the hack as well. It is very real and extraordinarily dangerous. Let's see how fast Apple can react in a real emergency.
So tell me how you would put this on my machine sitting here in St. Louis without me doing anything. Be specific, no generalizations. I’m waiting.
Quote:
It is remarkable to see that AppleInsider writes a lengthy editorial blaming Google when a serious Android security flaw is discovered, but is much less responsive with a serious OSX security flaw.
Let me be clear: both flaws should not happen, but I expected some more honesty from AI. It is not because it is happening in OSX that security flaws become more acceptable.
The difference of course is that most Android users will remain vulnerable. They will not receive any patch from their carrier for months or possibly never. At least this will be fixed soon.
Found a good article by Topher Kessler which includes a terminal command to see if you are infected, and what to look for. It also explains that it is still not possible for malware to download and install itself on a Mac. The user must still launch the installer manually. So this thing is spread the old-fashioned way, by phishing and trojan, and requires an exploit of the user's brain.
http://www.macissues.com/2015/08/03/dyld_print_to_file-exploit-found-in-the-wild-for-os-x/#more-3706
So, when it's an android or windows weakness, it's the fault of the software developers, but when it's a weakness in iOS or OS X, ooooo it's those dirty "nefarious" hackers.
The blame shuffling going on here is impressive.
It's a lot more common and easy in other systems. These hackers have to work a little harder to do this stuff on OSX.
The main difference is the time it takes to get fixed.
OSX = up to 1 week
Windows = up to 2 months
Android = never.
You will find OS X's track record is a LOT worse than you make out.
XProtect malware definitions are updated quickly, but serious exploits at the system level or in the included frameworks tend to languish for months.
That you feel it only takes a week is due to the fact that at some point, the security researchers are fed up with nothing happening and go public with the bugs they reported months before. At that point, you first read about it, and Apple heroically springs into action and supplies an update.
Quote:
Originally Posted by lkrupp
So tell me how you would put this on my machine sitting here in St. Louis without me doing anything. Be specific, no generalizations. I’m waiting.
These types never respond, do they? They drop their turd and don't pick it up, leaving it to stink up the place.
Would setting the system immutable flag on /etc/sudoers help mitigate this particular exploit at all? It's definitely not a panacea, and the exploit could evolve to write some other system file, but it's _supposed_ to prevent even root from modifying files without turning off the flag...
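Two posts in this thread point at concrete checks: the Kessler article with a terminal command to see whether you are infected, and the question above about protecting /etc/sudoers. The script below is an added example, not code from the thread, from Kessler's article or from Apple. It assumes that what the in-the-wild installer leaves behind is a rule appended to /etc/sudoers granting the logged-in user passwordless sudo (the payload reported for the DYLD_PRINT_TO_FILE exploit), and that a stock OS X sudoers only carries rules for root and %admin; the sample files it builds are constructed here, with a hypothetical user "jsmith", so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Kessler article.
# Audits a sudoers file for the kind of rule a root file-write exploit would
# append to grant passwordless sudo: any rule giving NOPASSWD on ALL commands,
# plus any rule whose subject is outside a known-good allowlist.
# The allowlist (root, %admin) is an assumption about a stock OS X sudoers.

# audit_sudoers FILE
#   Prints each suspicious rule with its line number. Returns 0 when the file
#   looks clean and 1 when at least one suspicious rule was found.
audit_sudoers() {
    file=$1
    found=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            '' | \#* | Defaults*) continue ;;   # blank, comment, #includedir, Defaults
        esac
        # "NOPASSWD:ALL" (with or without a space) = any command, no password asked
        if printf '%s\n' "$line" | grep -Eq 'NOPASSWD:[[:space:]]*ALL([[:space:]]|$)'; then
            printf 'line %d: passwordless ALL rule: %s\n' "$n" "$line"
            found=1
            continue
        fi
        # first field is the user or %group the rule applies to
        subject=$(printf '%s\n' "$line" | awk '{ print $1 }')
        case "$subject" in
            root | %admin) ;;
            *) printf 'line %d: unexpected subject %s: %s\n' "$n" "$subject" "$line"
               found=1 ;;
        esac
    done < "$file"
    return "$found"
}

# Constructed sample files (not taken from any real machine).
# SUDOERS_CLEAN mimics a stock OS X 10.10 sudoers (assumed content).
# SUDOERS_BAD is the same file with a passwordless rule appended for the
# hypothetical user "jsmith", as a root file-write to /etc/sudoers would leave it.
make_samples() {
    SUDOERS_CLEAN=$(mktemp)
    SUDOERS_BAD=$(mktemp)
    cat > "$SUDOERS_CLEAN" <<'EOF'
# sudoers file.
Defaults    env_reset
Defaults    env_keep += "BLOCKSIZE"
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
EOF
    cp "$SUDOERS_CLEAN" "$SUDOERS_BAD"
    printf 'jsmith ALL=(ALL) NOPASSWD:ALL\n' >> "$SUDOERS_BAD"
}

# Demo: audit both samples.
make_samples
for f in "$SUDOERS_CLEAN" "$SUDOERS_BAD"; do
    echo "== $f =="
    if audit_sudoers "$f"; then
        echo "no suspicious rules"
    fi
done
rm -f "$SUDOERS_CLEAN" "$SUDOERS_BAD"
```

To check a real machine, point audit_sudoers at a root-readable copy of /etc/sudoers (the file is mode 0440, so copy it with sudo first). A reported line is a lead to investigate, not proof of infection on its own: an administrator's legitimately added rule trips the subject check too. The script inspects content only; it neither sets nor reads file flags, so it does not answer the immutable-flag question.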
Originally Posted by steverance
According to the article ....
Esser said the vulnerability is present in Apple's current OS X 10.10.4 and recent beta versions of OS X 10.10.5, but not early builds of OS X 10.11.
So it's already been fixed ... Doh!
But as most users aren't using 10.11 beta, a patch is needed now!
Quote:
I read somewhere on the net that you still need to introduce it into a Mac either through phishing, a USB device or an ethernet connection.
It is not easy as you said.
Nothing wrong with AI's flame on Google. Here's how it works:
Apple creates/applies the patch and then tests it. After testing the patch is distributed or autoloaded to almost all targets.
Google creates/applies the patch and then tests it. After testing the patch is made available for distribution.
Take a moment and contemplate the difference between the two.
Also consider that the target configurations number on the order of 1B for Google and 500M for Apple.
That is NOT true!
http://arstechnica.com/security/2015/08/0-day-bug-in-fully-patched-os-x-comes-under-active-exploit-to-hijack-macs/
Hackers are exploiting a serious zero-day vulnerability in the latest version of Apple's OS X so they can perform drive-by attacks that install malware without requiring victims to enter system passwords, researchers said.
On Monday, researchers from anti-malware firm Malwarebytes said a new malicious installer is exploiting the vulnerability to surreptitiously infect Macs with several types of adware including VSearch, a variant of the Genieo package, and the MacKeeper junkware.
That makes me wonder if they fixed it for the prior OSX versions that people can no longer upgrade from.
Interesting to see one where people can't claim "just because it's a security issue doesn't mean it will be used" though.
Quote:
Apparently it was reported to them some time ago according to the article link so they've had time to work it out. Perhaps they were caught by surprise when the security flaw made it into the wild and actively exploited, thinking they had some more time before the patch needed to be delivered. Dunno. No doubt Apple will have it out in short order now. By next month this will probably be an old story.
That is all.
Quote:
Found a good article by Topher Kessler which includes a terminal command to see if you are infected, and what to look for. It also explains that it is still not possible for malware to download and install itself on a Mac. The user must still launch the installer manually. So this thing is spread the old-fashioned way, by phishing and trojan, and requires an exploit of the user's brain.
http://www.macissues.com/2015/08/03/dyld_print_to_file-exploit-found-in-the-wild-for-os-x/#more-3706
A clear explanation.
Moving on ....