Skip to comments.
Hackers are installing malware on Macbooks — and there’s nothing you can do to stop them
Business Insider ^
| 08/04/2015
| Alastair Stevenson
Posted on 08/04/2015 8:54:07 AM PDT by SeekAndFind
click here to read article
Navigation: use the links below to view more comments.
first 1-20, 21-38 next last
To: SeekAndFind
So without root password how do you install anything? I think this is a hack on the browsers not he OS. I didn’t read the links so I am not sure.
2
posted on
08/04/2015 8:57:20 AM PDT
by
central_va
(I won't be reconstructed and I do not give a damn.)
To: SeekAndFind
Presumably, the dynamic linker runs SUID root itself, or it couldn’t write to other SUID root files.
That is why you have to be very careful coding SUID root utility functions. The history of Unix is full of these sorts of mistakes.
To: SeekAndFind
I can stop them. I haven’t bought a MacBook, so they are stopped.
4
posted on
08/04/2015 8:59:39 AM PDT
by
Jonty30
(What Islam and secularism have in common is that they are both death cults)
To: SeekAndFind
Junkware is useless software that doesnt directly damage a computer, but doesnt offer any clear benefits to its user.Hmmm... sounds like a description of 70+% of our Government workers...
5
posted on
08/04/2015 9:01:10 AM PDT
by
El Cid
(Believe on the Lord Jesus Christ, and thou shalt be saved, and thy house...)
To: central_va
I believe it is an attack on a poorly-coded SUID root function.
Certain executables in Unix run SID root, which means that the program runs as root even if the user is an ordinary user. For example, the ‘ls’ command runs as root, so any user can see any other user’s processes. Provided the executables are properly coded and tested, this is not an issue. But a big part of the Unix hacker’s toolkit is to try to get an SUID binary to execute arbitrary code, so these functions have to be careful tested.
To: Swordmaker
7
posted on
08/04/2015 9:03:21 AM PDT
by
conservatism_IS_compassion
('Liberalism' is a conspiracy against the public by wire-service journalism.)
To: SeekAndFind
THIS JUST IN
federal prisoner hilary clinton now blames Crapware for her.....Email server hard drive crash!!
8
posted on
08/04/2015 9:04:09 AM PDT
by
MeshugeMikey
("Never, Never, Never, Give Up," Winston Churchill ><>)
To: SeekAndFind
Sounds like Yosemite only.
More Apple half assed software upgades? No wonder their stock is tanking.
To: conservatism_IS_compassion
Will Swordmaker switch to Windows 10? : )
To: SeekAndFind; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; ...
It doesn't rain but it pours. . . DAMN! A vulnerability in the "way Apple OS X version 10.10 logs software errors and can be used by hackers to forcibly install software on MacBooks" (this should apply to iMacs as well Swordmaker), according to the article. PING!
Apple Security Ping!
If you want on or off the Mac Ping List, Freepmail me.
11
posted on
08/04/2015 9:11:08 AM PDT
by
Swordmaker
( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: MeshugeMikey
Okay, stop that, I LOL’ed loud enough that people in the cube farm are staring...
12
posted on
08/04/2015 9:11:12 AM PDT
by
Old Sarge
(I prep because DHS and FEMA told me it was a good idea...)
To: SeekAndFind
13
posted on
08/04/2015 9:12:00 AM PDT
by
Sergio
(An object at rest cannot be stopped! - The Evil Midnight Bomber What Bombs at Midnight)
To: minnesota_bound
Will Swordmaker switch to Windows 10? : ) Nope. ;^)
14
posted on
08/04/2015 9:12:38 AM PDT
by
Swordmaker
( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: SeekAndFind
Execute hackers. Or just send them to prison with the general population. No white collar Camp Cupcake.
15
posted on
08/04/2015 9:16:11 AM PDT
by
JimRed
(Excise the cancer before it kills us; feed & water the Tree of Liberty! TERM LIMITS NOW & FOREVER!)
To: JimRed
Live,streaming video of hackers and other data criminals being executed. Firing squads or hangings.
16
posted on
08/04/2015 9:21:44 AM PDT
by
wally_bert
(There are no winners in a game of losers. I'm Tommy Joyce, welcome to the Oriental Lounge.)
To: Old Sarge
hahaha Thank you!!
The media isnt decimating hillary fast enough so I was forced to out it into High Gear!!
17
posted on
08/04/2015 9:30:11 AM PDT
by
MeshugeMikey
("Never, Never, Never, Give Up," Winston Churchill ><>)
To: Swordmaker
I have been using a much earlier version of OSX 10 for many moons...for a number of reasons...not the least of which is avoiding dungware, etc
18
posted on
08/04/2015 9:31:19 AM PDT
by
MeshugeMikey
("Never, Never, Never, Give Up," Winston Churchill ><>)
To: Swordmaker
Thanks for the ping. I followed the link. Here are two tests, the first exercises the vulnerability:
$ EDITOR=/usr/bin/true DYLD_PRINT_TO_FILE=/this_system_is_vulnerable crontab -e
result: $ ls -l /
...
-rw-r--r-- 1 root wheel 0 Aug 4 12:24 this_system_is_vulnerable
...
Test 2:
cat > /try_it_without_bug
-bash: /try_it_without_bug: Permission denied
Note the correct response in the second test, permission denied. In the first test the simple shell command created a file where I do not have permission to create one. Not only that, but I could write over any file anywhere with a script to run whatever I want. That is a escalation bug. I am running without privileges, obviously.
I have 10.10.4 with updates as of a week ago. I must say that I am not worried about a bug like this even though it is a very simple because I practice safe browsing. But it should be a concern and I only highlight it as a simple example of a privilege escalation which means running as an unprivileged user does not add any security.
19
posted on
08/04/2015 9:32:37 AM PDT
by
palmer
(Net "neutrality" = Obama turning the internet into FlixNet)
To: proxy_user
For example, the ls command runs as root, so any user can see any other users processes Is that a Mac silliness? ls (or ps, which you probably meant) certainly aren't suid on RHEL.
20
posted on
08/04/2015 9:33:35 AM PDT
by
Darth Reardon
(Is it any wonder I'm not the president?)
Navigation: use the links below to view more comments.
first 1-20, 21-38 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson