b374k
v10
today : | at : | safemode : ON
> / home / facebook / twitter / exit /
name author perms com modified label

Attackers exploit the Privilege Escalation 0-day in Mac Asylum rwxr-xr-x 0 11:30 AM

Filename Attackers exploit the Privilege Escalation 0-day in Mac
Permission rw-r--r--
Author Asylum
Date and Time 11:30 AM
Label
Action

Adam Thomas, a researcher from Malwarebytes, has discovered a new adware installer that exploits of a zero vulnerability in Apple's DYLD_PRINT_TO_FILE variable in the wild which helps to uses to install unwanted programs including VSearch, a variant of the Genieo package, and the MacKeeper junkware.

The vulnerability which is being exploited by this adware was first uncovered by a researcher Stefan Esser a month ago. However, this researcher did not first report about the flaw to the company concerned.

The adware was able to change the Sudoers file - s a hidden Unix file that determines, among other things, who is allowed to get root permissions in a Unix shell, and how.

 The modification made to the sudoers file, in this case, allowed the app to gain root permissions via a Unix shell without needing a password.

According to a post by MalwareBytes, if anyone installs VSearch, the installer will also install a variant of the Genieo adware and the MacKeeper junkware. As its final operation, it directs the user to the Download Shuttle app on the Mac App Store.

However, Apple has still not turned up to fix the problem. 


via E Hacking News - Latest Hacker News and IT Security News Attackers exploit the Privilege Escalation 0-day in Mac http://ift.tt/1MWd0k8

0 comments:

Post a Comment

 

Jayalah Indonesiaku © 2010 Hacker News
VB (Vio b374k) Template design by p4r46hcyb3rn3t