According to TechNewsWorld, “Malwarebytes has discovered a new zero day exploit in OS X that lets apps bypass passwords during installation to get root permission through a Unix shell.” The exploit installs an application that allows “anything to be installed anywhere”. There was a time when Mac users were a small contingent on the Internet and just were not targeted that often. Mac users would scoff at the idea that they had to worry about such things as being compromised or used as a DDoS attack zombie. For years, a huge part of Apple’s marketing has been that the Mac is a more secure platform than Windows and open source operating systems. However, those days may be gone.
According to AppleInsider.com, at the end of 2014, Apple shipped 5.8 million Macs in just 3 months. With their numbers growing, Macs also become a better target for use as DDoS zombies, or for any other nefarious purpose a hacker sees fit.
“Apple has not fixed [the vulnerability] yet,” said Thomas Reed, director of Mac offerings at Malwarebytes. “I can’t say why not, but it does appear that they have known about the issue for some time. Apparently, another researcher [with the Twitter handle ‘@beist’] alerted Apple prior to Esser’s release, but I’m unclear on the timing of that report.”
And if it makes you feel any better, the people behind the DYLD exploit (as it is being called) are “just adware vendors,” Reed said. They “tend to write careless, sloppy code, and haven’t shown any signs of being highly skilled.” However, it’s important to keep in mind that adware exploits affect small and large players on the internet alike, including giants like Google and Yahoo, which had trouble only this last week.
So if you find yourself concerned about becoming an unintended zombie in a DDoS attack (as well you should!), take a look over at Malwarebytes’ website for an updated kernel.