The flaw lets an attacker install malware on a Mac without any system password, which makes life super easy for hackers to borrow Apple fans' Coldplay collections and share their favourite pictures of their mother's basement.
The flaw was first spotted last week but Apple, in typical form, did nothing about it. Its fanboys moaned on web groups that the Samsung-friendly press was making up stories because it was "only a proof of concept".
Now there is evidence that it is being used in the wild. At the heart of the problem is an error-logging feature in OS X: the dynamic linker honours a DYLD_PRINT_TO_FILE environment variable that tells it which file to write its log to, and it does so even when launching setuid root programs, so an unprivileged user can make a root-owned process write to any file it likes, including /etc/sudoers.
Researchers from anti-malware firm Malwarebytes announced that they had identified a malicious installer in the wild exploiting the vulnerability to install malware without any need for a password. They explained in their blog: The sudoers file is a hidden Unix file that determines, among other things, who is allowed to get root permissions in a Unix shell. The modification made to the sudoers file, in this case, allowed the app to gain root permissions via a Unix shell without needing a password.
The script modifies the sudoers file. The change made by the script allows shell commands to be executed as root using sudo, without the usual requirement for entering a password.
Then the script uses sudo's new password-free behaviour to launch the VSInstaller app, which is found in a hidden directory on the installer's disk image, giving it full root permissions and thus the ability to install anything anywhere.
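The practical check that follows from the Malwarebytes description is to look for password-less root grants in sudoers that you did not put there. The script below is an added example, not code from this article or from Malwarebytes: it audits sudoers files for active NOPASSWD rules, ignoring commented-out lines, and runs against a constructed sample so it can be tried offline. It assumes the real files live at /etc/sudoers and, on systems that use a drop-in directory, under /etc/sudoers.d; neither path is stated in the article.

```shell
#!/bin/sh
# Added example, not code from the article or from Malwarebytes.
# Audits sudoers files for the kind of entry the installer script plants:
# a rule that lets a user run commands as root with the NOPASSWD tag.
# Assumptions (not from the article): sudoers lives at /etc/sudoers and,
# on systems that use it, drop-in files live under /etc/sudoers.d.

# Constructed sample sudoers content so the audit can run offline.
# The alice line is the shape of grant the malware adds; the commented-out
# wheel line must NOT be reported, because sudo ignores comments.
SAMPLE_SUDOERS='# constructed sample sudoers
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
# %wheel ALL=(ALL) NOPASSWD: ALL'

# Print the active (non-comment) lines of one sudoers file that grant
# commands without a password. sudo accepts the tag in any case, so the
# match is case-insensitive. Always exits 0 so it composes under set -e.
nopasswd_grants() {
    grep -v '^[[:space:]]*#' "$1" | grep -i 'NOPASSWD' || true
}

# Count such lines across every readable file given and print the total.
# Unreadable or missing files are skipped (reading /etc/sudoers needs root).
count_nopasswd_grants() {
    total=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        n=$(nopasswd_grants "$f" | grep -c . || true)
        total=$((total + n))
    done
    echo "$total"
}

# Write the constructed sample to a temp file, audit it, print the count.
audit_sample() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_SUDOERS" > "$tmp"
    count_nopasswd_grants "$tmp"
    rm -f "$tmp"
}

# On a real machine, run as root:
#   count_nopasswd_grants /etc/sudoers /etc/sudoers.d/*
# and inspect each reported line with:
#   nopasswd_grants /etc/sudoers
```

A non-zero count is not proof of compromise, since administrators do add NOPASSWD rules deliberately, but any rule you do not recognise deserves a look at its modification time and at whatever installer ran around then. Note that `visudo -c` will not flag the malicious line: the entry the malware appends is syntactically valid sudoers, so a syntax check passes.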
The flaw is present in the current, fully patched 10.10.4 version of OS X but not in a beta of 10.11, which suggests Apple's developers knew it was a problem. Until Apple ships a fix there are not many good options beyond refusing to run installers from dodgy sources and checking the sudoers file for password-free root grants you did not put there. It is probably better to invest in a proper operating system and smash the old Apple one with a hammer.