Hackers are installing malware on Macbooks — and there’s nothing you can do to stop them

Business Insider ^ | 08/04/2015 | Alastair Stevenson

[SeekAndFind]

Researchers have spotted a wave of attacks targeting Macbook users.

Hackers are exploiting a critical vulnerability in Apple’s OS X operating system to install malware on Macbooks.

Malwarebytes Apple security expert Thomas Reed reported uncovering the attacks in a threat advisory.

The vulnerability was uncovered by security researcher Stefan Esser at the end of July. It relates to the way Apple OS X version 10.10 logs software errors and can be used by hackers to forcibly install software on Macbooks.

Reed said the current attacks targeting the flaw install a variety of malicious programs. These include the VSearch and Genio adwares and MacKeeper junkware.

Adware is a piece of software used to push advertisements to users. The VSearch and Genio adwares are aggressive forms of the software that push adverts to the user via a series of pop-up web browser windows.

VSearch and Genio are listed by most security tools as either potentially unwanted programs or outright malware as they regularly ignore the user's privacy settings and have spread malicious adverts in the past.

Junkware is useless software that doesn’t directly damage a computer, but doesn’t offer any clear benefits to its user.

[central_va]

So without root password how do you install anything? I think this is a hack on the browsers not he OS. I didn’t read the links so I am not sure.

[proxy_user]

Presumably, the dynamic linker runs SUID root itself, or it couldn’t write to other SUID root files.

That is why you have to be very careful coding SUID root utility functions. The history of Unix is full of these sorts of mistakes.

[Jonty30]

I can stop them. I haven’t bought a MacBook, so they are stopped.

[El Cid]

Junkware is useless software that doesn’t directly damage a computer, but doesn’t offer any clear benefits to its user.

Hmmm... sounds like a description of 70+% of our Government workers...

[proxy_user]

I believe it is an attack on a poorly-coded SUID root function.

Certain executables in Unix run SID root, which means that the program runs as root even if the user is an ordinary user. For example, the ‘ls’ command runs as root, so any user can see any other user’s processes. Provided the executables are properly coded and tested, this is not an issue. But a big part of the Unix hacker’s toolkit is to try to get an SUID binary to execute arbitrary code, so these functions have to be careful tested.

[conservatism_IS_compassion]

Ping.

[MeshugeMikey]

THIS JUST IN

federal prisoner hilary clinton now blames Crapware for her.....Email server hard drive crash!!

[ImJustAnotherOkie]

Sounds like Yosemite only.

More Apple half assed software upgades? No wonder their stock is tanking.

[minnesota_bound]

Will Swordmaker switch to Windows 10? : )

[Swordmaker]

It doesn't rain but it pours. . . DAMN! A vulnerability in the "way Apple OS X version 10.10 logs software errors and can be used by hackers to forcibly install software on MacBooks" (this should apply to iMacs as well — Swordmaker), according to the article. — PING!

Apple Security Ping!

If you want on or off the Mac Ping List, Freepmail me.

[Old Sarge]

Okay, stop that, I LOL’ed loud enough that people in the cube farm are staring...

[Sergio]

Tech bkmk

[Swordmaker]

Will Swordmaker switch to Windows 10? : )

Nope. ;^)

[JimRed]

Execute hackers. Or just send them to prison with the general population. No white collar Camp Cupcake.

[wally_bert]

Live,streaming video of hackers and other data criminals being executed. Firing squads or hangings.

[MeshugeMikey]

hahaha Thank you!!

The media isnt decimating hillary fast enough so I was forced to out it into High Gear!!

[MeshugeMikey]

I have been using a much earlier version of OSX 10 for many moons...for a number of reasons...not the least of which is avoiding dungware, etc

[palmer]

Thanks for the ping. I followed the link. Here are two tests, the first exercises the vulnerability:

$ EDITOR=/usr/bin/true DYLD_PRINT_TO_FILE=/this_system_is_vulnerable crontab -e

result: $ ls -l /
...
-rw-r--r-- 1 root wheel 0 Aug 4 12:24 this_system_is_vulnerable
...

Test 2:

cat > /try_it_without_bug
-bash: /try_it_without_bug: Permission denied

Note the correct response in the second test, permission denied. In the first test the simple shell command created a file where I do not have permission to create one. Not only that, but I could write over any file anywhere with a script to run whatever I want. That is a escalation bug. I am running without privileges, obviously.

I have 10.10.4 with updates as of a week ago. I must say that I am not worried about a bug like this even though it is a very simple because I practice safe browsing. But it should be a concern and I only highlight it as a simple example of a privilege escalation which means running as an unprivileged user does not add any security.

[Darth Reardon]

For example, the ‘ls’ command runs as root, so any user can see any other user’s processes

Is that a Mac silliness? ls (or ps, which you probably meant) certainly aren't suid on RHEL.