OS X flaw leaves Macs vulnerable to attacks, no password required

The latest version of OS X contains a serious flaw that hackers can use to attack your computer without ever needing your password. The issue is around a hidden document — Sudoers — which is effectively a list of permissions as to which pieces of software are allowed to mess around with your computer. Unfortunately, a change to how Yosemite stores the list means that it’s now possible to add malware to the register. As such, if you inadvertently run an offending script, hackers can take advantage of your computer’s unwitting hospitality to install crapware like VSearch and MacKeeper.The vulnerability was discovered by old-school iOS jailbreaker Stefan Esser who, according to MalwareBytes, is accused of publicly revealing the flaw before telling Apple. That’s a big faux pas in the security community, with Google going toe-to-toe with Microsoft about revealing as-yet un-patched flaws that have a real risk of harming users.

Source: OS X flaw leaves Macs vulnerable to attacks, no password required

Advertisement