Author Topic: OS X Exploit found in the wild

Offline Xairbusdriver
OS X Exploit found in the wild
« on: August 04, 2015, 10:13:42 AM »
It's easy to check if this has affected you. Repair may be harder, probably requiring a System re-install. No info about that in this <MacIssue> article. If you are really paranoid, you can copy and paste the link: http://www.macissues.com/2015/08/03/dyld_p...-wild-for-os-x/

When I entered the Terminal command in the article, the only time "NOPASSWD" appeared was on this line:
# %wheel ALL=(ALL) NOPASSWD: ALL
Since the "#" is still there, the line is just a comment; it is not allowing the 'wheel' group to install anything without requiring a password. As I understand it, the exploit deletes that "#" or adds itself as a user who can do things without a password.

The important info is the list of preventive, human learnable actions that will help you avoid this exploit.
QUOTE
[W]hile this may be concerning, do keep in mind that this exploit does require you download and run a nefarious malware installer. Currently no programs can automatically download and run on your Mac without you purposefully launching them, so your best bet at being safe is to simply monitor what programs you run.
QUOTE
Some examples of suspicious downloads include:
    E-mail attachments recommending you open a program or link, especially from strange sources
    Any automatic download in your Web browser that you did not specifically click to perform
    Any program from Web sites that offer free software and services
    Any sites that issue persistent warnings about the security of your computer
    Any sites that appear to “lock” your computer and then require you call a support number to unlock the system.
« Last Edit: August 04, 2015, 10:23:37 AM by Xairbusdriver »
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system
CAUTION! Childhood vaccinations cause adults! :yes:
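The check described in the post above, as an added example (this is not the article's Terminal command, nor anything from the post): a POSIX shell script that scans sudoers-style files and reports only NOPASSWD rules that are actually in force, skipping lines whose first non-blank character is "#". It runs here on two constructed sample files; the file names, the "sudoers.d-attacker" sample and the helper names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the article's own command): list NOPASSWD rules that are
# actually in force in sudoers-style files, i.e. not commented out.
# "# %wheel ALL=(ALL) NOPASSWD: ALL" is skipped; the same line without the "#",
# or a new line granting some user NOPASSWD, is reported with file and line.

# active_nopasswd FILE...
#   Prints "file:line: rule" for every active NOPASSWD rule.
#   Exit status 0 if none were found, 1 if at least one was.
# Caveat: "#include" / "#includedir" directives also start with "#" and are
# skipped here, so pass the included files (e.g. /etc/sudoers.d/*) explicitly.
active_nopasswd() {
    awk '
        { rule = $0; sub(/^[ \t]+/, "", rule) }   # drop leading whitespace
        rule ~ /^#/ { next }                       # full-line comment: harmless
        rule ~ /NOPASSWD/ {
            print FILENAME ":" FNR ": " rule
            found = 1
        }
        END { exit found + 0 }
    ' "$@"
}

# demo_dir
#   Creates a temp dir with two constructed sample files and prints its path:
#   "sudoers" carries only the commented-out wheel rule (benign), while
#   "sudoers.d-attacker" mimics a rule an attacker could drop in (hypothetical).
demo_dir() {
    d=$(mktemp -d)
    cat > "$d/sudoers" <<'EOF'
# User privilege specification
root    ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
%admin  ALL=(ALL) ALL
EOF
    cat > "$d/sudoers.d-attacker" <<'EOF'
ALL ALL=(ALL) NOPASSWD:ALL
EOF
    printf '%s\n' "$d"
}

# "sh check_sudoers.sh --demo" runs it on the samples; on a real Mac use
# "sudo sh check_sudoers.sh /etc/sudoers /etc/sudoers.d/*" (sudoers is root-only).
if [ "${1:-}" = "--demo" ]; then
    dir=$(demo_dir)
    if active_nopasswd "$dir/sudoers" "$dir/sudoers.d-attacker"; then
        echo "no active NOPASSWD rules"
    else
        echo "ACTIVE NOPASSWD RULE(S) FOUND - check how they got there"
    fi
    rm -rf "$dir"
fi
```

On the samples the commented wheel line is ignored and only the attacker file's rule is printed, so a clean system shows nothing and exits 0. Anything it does print deserves a look at how that rule got there, since by default OS X ships no active NOPASSWD entries.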

Offline Xairbusdriver
OS X Exploit found in the wild
« Reply #1 on: August 05, 2015, 10:36:34 AM »
More info:
<Aug 3, 2015 ars story> This article says this is an OS X 10.10.x bug. The attack method did not work in the 10.11 ßeta.


Offline Xairbusdriver
OS X Exploit found in the wild
« Reply #3 on: August 06, 2015, 08:28:22 AM »
[rant]First, I have found that "MalwareBytes" now owns AdwareMedic, I need to investigate that operation and any relationship it has with MacKeeper.

Second, I'm not sure the Guardian is a reliable source for any kind of technology information.

Third, I detest the lack of attribution in any media.

Fourth, the usual confusion caused by the 'they said, but others say' is rampant yet again.

Fifth, is this a simple matter of negligence in the quality control efforts at Apple?

Fortunately, I have another hand to "count the ways"!

Sixth, there still seems to be confusion among the masses about how easy (and cheap) it is to get a developer's ID that lets one bypass Gatekeeper, at least once.[/rant]
« Last Edit: August 06, 2015, 08:28:39 AM by Xairbusdriver »

Offline kimmer
OS X Exploit found in the wild
« Reply #4 on: August 06, 2015, 03:16:29 PM »
QUOTE(Xairbusdriver @ Aug 6 2015, 05:28 AM)
Second, I'm not sure the Guardian is a reliable source for any kind of technology information.

Especially Apple news since they are obviously anti-Apple.

Offline Paddy
OS X Exploit found in the wild
« Reply #5 on: August 06, 2015, 09:32:00 PM »
QUOTE(kimmer @ Aug 6 2015, 04:16 PM)
QUOTE(Xairbusdriver @ Aug 6 2015, 05:28 AM)
Second, I'm not sure the Guardian is a reliable source for any kind of technology information.

Especially Apple news since they are obviously anti-Apple.


I don't know - I've read several articles in the Guardian about Apple to see if there was any noticeable bias, and couldn't say I found one. The readers - or those who make comments, on the other hand - are the usual mix of thoughtful souls, trolls and downright idiots.

The Guardian as a whole is generally well-regarded.
"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13

Offline Highmac
OS X Exploit found in the wild
« Reply #6 on: August 07, 2015, 03:38:47 AM »
QUOTE(Paddy @ Aug 7 2015, 03:32 AM)
The Guardian as a whole is generally well-regarded.


Even in the UK
Neil
MacMini (2018) OS10.14.6 (Mojave). Monitor: LG 27in 4K Ultra HD LED.
15in MacBook Pro (Mid 2014) OS10.13.4 (High Sierra);
15in MacBook Pro (2010), (ex-Snow Leopard); now OS10.13.6 (High Sierra); 500GB Solid-State SATA drive; 4GB memory.

Offline gunug
OS X Exploit found in the wild
« Reply #7 on: August 07, 2015, 01:41:13 PM »
Another grand pooh-bah has announced a "security flaw" in all X86 processor chips since 1997:

QUOTE
The vulnerability stems from a feature first added to the x86 architecture in 1997. It was disclosed Thursday at the Black Hat security conference by Christopher Domas, a security researcher with the Battelle Memorial Institute.

By leveraging the flaw, attackers could install a rootkit in the processor's System Management Mode (SMM), a protected region of code that underpins all the firmware security features in modern computers.

Once installed, the rootkit could be used for destructive attacks like wiping the UEFI (Unified Extensible Firmware Interface), the modern BIOS, or even to re-infect the OS after a clean install. Protection features like Secure Boot wouldn't help, because they too rely on the SMM to be secure.

The attack essentially breaks the hardware roots of trust, Domas said.

http://www.itworld.com/article/2965875/sec...rcher-says.html


"If there really is no beer in heaven then maybe at least the
computers will work all of the time!"

Offline Xairbusdriver
OS X Exploit found in the wild
« Reply #8 on: August 17, 2015, 10:57:53 AM »
YAED! Source: <PCWorld>, Jeremy Kirk, Aug 17, 2015 6:26 AM

Yet Another Exploit Discovered. Best advice:
QUOTE("Topher Kessler @ MacIssues, August 17, 2015")
As with other exploits for OS X, this does require you download a faulty and malicious program, and then run this program. This makes avoiding such problems relatively easy to do, but means that you and others that use your system must be diligent in not executing any program that you did not purposefully install or download from a developer’s Web site, online store, or other reputable software repository.
Just form this habit! Maybe write it on a (large?) rock?

As some bear once said,
[attachment=3174:Only_You.jpg]
"Only YOU can prevent dangerous downloads!"
« Last Edit: August 17, 2015, 11:14:53 AM by Xairbusdriver »