[Swordmaker]

This vulnerability and exploit requires that the target Mac be pre-compromised by a hacker who has both access to the computer locally and an administrator's password AND the password that allows alteration of the Kernel, which is now different from even the Unix Superuser SUDO password on a Mac.

Once that is done, then, yes, it will work, because the two lines of kernel code have been altered.

Gee, who would have guess if you ALTER THE KERNEL YOU CAN REMOTELY COMPROMISE THE COMPUTER! DUH!

[House Atreides]

LOL — Color Swordmaker “not impressed”.

[fruser1]

I can completely destroy any system by breaking into the premises and smash it with a hammer.

[dinodino]

Not to mention it’s only exploitable on older versions of OSX...

[Swordmaker]

ZDNet article reports on a MacOS Zero Day vulnerability they are calling malware although it does not exist in the wild and actually requires previous local access to the target Mac AND an Administrator’s name and password as well as access to the above UNIX SuperUser password to change the Kernal code, something even the SuperUser cannot do in new Macs. If all that is prepared in advance, then, yes, it could be a risk. —PING!

Apple Security Alert Ping!

If you want on or off the Mac Ping List, Freepmail me.

[Swordmaker]

Thanks to the Battman for the heads up.

[Dick Vomer]

what do you recommend for MacBook pro software protection/malware protection?

[Zathras]

That looks like a correct assessment.
Attacker needs to get inside the computer plus have superuser access.

Same as Unix.
Give someone superuser access and manage to get inside the computer with a virus, you can do just about anything.

[Squantos]

bingo !

[dayglored]

Man, so-called tech journalists (urinalists) will do anything, ANYTHING, to write a headline with “Apple”, “MacOS”, and “Vulnerability” in it.

This is just saying, if you have local access, and root, you can do anything.

Allow me to echo your assessment: “Well, D-UH!!”