OS X zero-day flaw: Mac owners having malicious software installed on Apple computers
A researcher made the vulnerability public without telling Apple — and it is now being used by hackers to install malicious software
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Hackers are using a vulnerability in Apple Macs that can let anyone take control of a computer just by asking — and there's no good way that people can protect themselves.
The attack exploits the way that Macs give users permissions, which allow them to delete files and make changes to settings, among other things. It tricks computers into giving anyone the power to do so, letting hackers take over computers and delete files or use them for malicious purposes.
The vulnerability was made public last month, when a security researcher found it and wrote about it in a blog, without telling Apple to give it a chance to fix the problem. Now hacks that exploit the vulnerability to take over computers are being found in the wild, according to Malwarebytes.
The new exploit installs apps that take over the computer to install junk, ads and other malicious software.
Apple was made aware of the bug by another researcher, they have claimed.
The problem has already been fixed in the beta versions of Apple’s next operating system, El Capitan. But it remains in the current version of Mac OS, Yosemite, according to reports.
There is no way of protecting computers against the vulnerability, beyond installing software made available by Esser, the same researcher who made the information public and gave it to the hackers that are now exploiting it. As Malwarebytes points out, that situation “introduces some serious questions about ethics and conflict of interest”.
Users must go through a fairly complicated process to actually install the malware. Users must first download and then run the problem file, before clicking through the various warnings that are built into Macs so that apps can’t
But malicious software is often distributed through apparently innocent means like fake emails, so that people will download it. And the same bug could easily be used by somebody sat at the computer.
It is the second Apple security flaw to be found in recent days. The two problems are particularly surprising because Apple has long known to pride itself on the fact that its computers were much less vulnerable to such problems than PCs.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments