Apple is taking action to mitigate a major security vulnerability in its OS X operating system.
The zero-day flaw, present in the current release of OS X, was exposed by German researcher Stefan Esser, who showed how attackers can inject malware and adware into the Mac operating system without needing a password.
Revealed in June, the flaw stems from the way the system's dynamic linker handles its print-to-file logging option (the DYLD_PRINT_TO_FILE environment variable), which lets a malicious program write to protected files and thereby gain the privileges of the system administrator, root.
Esser said the flaw is already fixed in the beta version of OS X El Capitan but that, despite his contacting Apple about it, the firm does not appear to have fixed it in other versions.
“At the moment it is unclear if Apple knows about this security problem or not because, while it is already fixed in the first betas of OS X 10.11, it is left unpatched in the current release of OS X 10.10.4 and in the current beta of OS X 10.10.5,” he said.
However, Esser explained that this may simply be “the result of a code clean-up and not based on realising the security implications”.
Meanwhile, a researcher at Malwarebytes has revealed that the flaw is now being exploited in the wild after he discovered, while testing an adware installer, that his 'sudoers' file, which controls who may run commands as root via sudo, had been modified.
“The change made by the script allows shell commands to be executed as root using sudo, without the usual requirement for entering a password,” he said.
“Then the script uses sudo’s new password-free behaviour to launch the VSInstaller app, which is found in a hidden directory on the installer’s disk image, giving it full root permissions, and thus the ability to install anything anywhere.”
V3 now understands that Apple has already revoked the developer credentials used to sign the installer and is updating OS X's XProtect definitions to identify the software as malware in an effort to contain the issue. That blocks the known installer but does not patch the underlying flaw, which remains open to other exploits until the operating system itself is updated.
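The modification the Malwarebytes researcher noticed, a rule appended to sudoers granting passwordless root, is easy to check for on any Unix-like system. The script below is an added example, not code from the article or from Malwarebytes: it parses the common one-line sudoers user specification, carries the NOPASSWD/PASSWD tags across a comma-separated command list the way sudo does, and flags every command that may run without a password, treating NOPASSWD:ALL as critical. The embedded sample sudoers file, its user names and the "appended" line are constructed for illustration.

```python
"""Flag sudoers rules that grant passwordless (NOPASSWD) execution.

Added example, not the article's or Malwarebytes' own code. It parses the
common one-line user specification ("user host=(runas) [TAG:] cmd, ...")
and ignores Defaults, alias definitions and backslash-continued lines;
use `visudo -c` for full syntax validation.
"""
import re
import sys

# Constructed sample sudoers file (illustrative; user names are assumptions).
# The 'alice' line mimics the NOPASSWD rule an installer could append to run
# commands as root without a password.
SAMPLE_SUDOERS = """\
# Defaults
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
# line appended by a malicious installer
alice ALL=(ALL) NOPASSWD:ALL
%wheel ALL=(ALL) NOPASSWD: /usr/bin/less
bob ALL=(root) NOPASSWD: /usr/sbin/reboot, PASSWD: ALL
"""

# user  host = (runas) commands   -- the (runas) group is optional
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$"
)
SKIP_PREFIXES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
# Tags sudoers recognises; only NOPASSWD/PASSWD change password behaviour.
TAGS = {"NOPASSWD", "PASSWD", "NOEXEC", "EXEC", "SETENV", "NOSETENV", "LOG_INPUT",
        "NOLOG_INPUT", "LOG_OUTPUT", "NOLOG_OUTPUT", "MAIL", "NOMAIL", "FOLLOW", "NOFOLLOW"}


def split_commands(cmds):
    """Split a command list into (command, nopasswd) pairs.

    In sudoers a tag applies to the command it precedes and to every later
    command in the same list until another tag overrides it, so the flag is
    carried across commas rather than reset for each entry.
    """
    nopasswd = False
    out = []
    for part in cmds.split(","):
        tok = part.strip()
        while True:
            head, sep, rest = tok.partition(":")
            tag = head.strip().upper()
            if not sep or tag not in TAGS:
                break
            if tag == "NOPASSWD":
                nopasswd = True
            elif tag == "PASSWD":
                nopasswd = False
            tok = rest.strip()
        if tok:
            out.append((tok, nopasswd))
    return out


def parse_sudoers(text):
    """Return a list of rule dicts for the user specifications in text."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith(SKIP_PREFIXES) or line.endswith("\\"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        rules.append({
            "line": lineno,
            "user": m.group("user"),
            "host": m.group("host"),
            "runas": m.group("runas") or "root",  # sudo's default runas user
            "commands": split_commands(m.group("cmds")),
        })
    return rules


def audit_sudoers(text):
    """Return a finding for every NOPASSWD command; NOPASSWD on ALL is critical."""
    findings = []
    for rule in parse_sudoers(text):
        for cmd, nopasswd in rule["commands"]:
            if not nopasswd:
                continue
            findings.append({
                "line": rule["line"],
                "user": rule["user"],
                "runas": rule["runas"],
                "command": cmd,
                "severity": "CRITICAL" if cmd == "ALL" else "WARNING",
            })
    return findings


if __name__ == "__main__":
    # Audit a real file if a path is given (reading /etc/sudoers needs root),
    # otherwise the embedded sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SUDOERS
    for f in audit_sudoers(text):
        print(f"{f['severity']}: line {f['line']}: {f['user']} may run "
              f"{f['command']} as {f['runas']} without a password")
```

Run it as `sudo python3 audit_sudoers.py /etc/sudoers` (and over any files in `/etc/sudoers.d/`) on a machine you suspect; a NOPASSWD:ALL entry for an ordinary user that you did not add yourself is exactly the artefact described above. The parser deliberately treats unrecognised lines as non-rules rather than guessing, so a file that fails `visudo -c` should be inspected by hand.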
A separate research team has designed a proof-of-concept worm that targets Mac firmware, warning that it can spread from MacBook to MacBook without the machines ever being networked.
An experiment to be unveiled at the 2015 Black Hat security conference in Las Vegas will show that the worm, dubbed Thunderstrike 2, can infect a MacBook's firmware via a phishing email and then spread to other Macs through shared peripherals, such as Thunderbolt adapters, that the infected machine is plugged into.
The research, conducted by security experts Trammell Hudson and Xeno Kovah, found that the only way to eliminate the problem is to re-flash the chip that holds the firmware; reinstalling the operating system or replacing the disk does not touch it.
“[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” Kovah told Wired.
Malware attacks are common on Windows-based systems, but this research shows that no platform is immune.
Malware was recently found spreading through Yahoo's advertising network in an orchestrated malvertising campaign that used the sophisticated Angler exploit kit and exposed millions of internet users.