A researcher uncovered a security exploit in Apple's latest OS X operating system that allows your Mac to grant privilege escalation to attackers. In turn, attackers can gain control and hijack your Mac.
The exploit affects systems running OS X Yosemite. Security researcher Stephan Esser discovered that the vulnerability was not present in the early OS X 10.11 El Capitan betas, but remains unpatched in OS X10.10.4 and the beta of OS X 10.10.5, so it remains unclear if Apple is aware of this vulnerability.
The vulnerability is the result of the way that errors are logged in OS X.
Changes to OS X that enables the vulnerability
Apple made changes to the dynamic linker dyld with the release of OS X Yosemite, allowing the DYLD_PRINT_TO_FILE to write errors to an arbitrary file.
Under normal circumstances, the dynamic linker would reject environmental variables passed to it for restricted files, but Apple didn't implement any safeguards in Yosemite. Because there are no restrictions, dyld will accept the error logging files, even for restricted root binaries.
The result, if exploited, would give hackers easy privilege escalation in Yosemite to hijack your Mac and take over control of your system.
Esser says that the vulnerability is no longer present in OS X 10.11 beta, but that the patch may have been accidental on Apple's part.
A fix for this vulnerability has been created by Esser, which you can download and install if you don't want to wait for Apple to release an official patch. The fix has been posted to GitHub.
- Read our coverage of OS X El Capitan