SUIDGuardNG for OS X.10 Yosemite ONLY!
Apple Security
with Temporary FIX for OS X.10 Yosemite users
Ping!
If you want on or off the Mac Ping List, Freepmail me.
Posted on 08/06/2015 9:24:25 AM PDT by for-q-clinton
Apple is reportedly working on a fix to eradicate a dangerous bug that could allow unauthorised users access to Mac OS X Yosemite machines.
The Guardian’s sources say Apple will release a security update to wipe out the so-called "zero day" DYLD bug as soon as possible.
The “privilege escalation” bug potentially allows third parties to gain administrator access to a Mac without a password.
The fix for Mac OS X 10.10.5 Yosemite will arrive shortly, ending worries that the vulnerability wouldn't be plugged before the next version, El Capitan, comes this autumn.
In the meantime, the paper says Apple plans to control the spread of the vulnerability by revoking the developer privileges of anyone who attempts to use itIn the meantime, the paper says Apple plans to control the spread of the vulnerability by revoking the developer privileges of anyone who attempts to use it.
While this won’t kill the bug completely, it should protect Mac users until the fix is rolled out. Still, it’s probably best not to install anything from untrusted sources.
The discovery of another piece of malware will do nothing to settle the fears of Macintosh users, who have long remained confident in the security of their operating system.
Thunderstrike 2, which allowed hackers to writable access to a Mac’s firmware, was struck down in 10.4.4.
Swordmaker...what do you advise your ping list to do?
1) Stop using OS X until it's patched 2) Unplug all external devices until it's patched 3) Boot to Windows 10 4) Get Malwarebytes to detect malware on OSX 5) Don't worry about it because security isn't a big deal
ping
6) Grab a linux distro.
Like Apple?....................
Short version: yeah, these are serious flaws and should be patched ASAP, but as long as you're practicing good normal security and don't install untrusted applications, you won't be hit by them unless someone gains physical access to your machine and intentionally tries to inject it.
As always, I suggest (regardless of OS) that you have separate admin and user accounts and never be logged in as admin except to do those things you absolutely must be admin for. (Which are almost none.) Don't install software downloaded from the internet unless you have made sure you can trust it.
The big danger with the firmware bug is the infected devices. I would not plug a new or borrowed device into my Mac until this is patched.
Misleading. The exploit requires piggy-backing off some other payload, and that payload would require the user to affirmatively install as admin. The exception being infected firmware, which exploits a vulnerability in all x86 computers unless it's been patched.
I’m not fully familiar with the exploit but what I read is that it can bypass admin. All you need to do is click on a link. Maybe they are over-simplifying it, but if that is accurate I think it’s fair to say anyone using OSX isn’t safe at the moment no matter what they practice if the machine is online and used to go on the Internet.
SUIDGuardNG for OS X.10 Yosemite ONLY!
If you want on or off the Mac Ping List, Freepmail me.
For-q-Clinton is correct in a way, these are not true installers, however, but exploits that are able to install extensions to Safari without permission. Ad-ware, browser hijackers, etc. . . Still not good at all. The patch above in the PING, will block them.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.