A critical new vulnerability that can be used to forcibly install software on MacBooks without the users’ consent or administrator password has been discovered on MacBooks running OS X Yosemite, version 10.10. To exploit this bug, attackers create malware that masquerades as adware. When the “adware” is installed, the malware modifies a file in the OS that controls whether you need a password for certain commands, such as installing new software programs. Doing so allows a malicious program to run as though it is the administrator of the computer.
How is it spread?
Victims are tricked into downloading the malware via phishing emails, chats or other messages with attachments or links. Once the attachment is opened, the software then uses the bug to silently install more adware and other greyware.
How To Stay Safe:
Apple is aware of the issue but has not yet issued a patch. Currently, Norton protects agains this, antivirus coverage is in place as Bloodhound.Exploit.557 and OSX.SudoPrint. Still, it is important to use extra caution when you receive suspicious messages from senders, especially ones containing an attachment or link. Additionally, you should keep your OS up-to-date to ensure that you have the latest security features.
Apple’s OS has been known for its strong security features over the years, however, it was just a matter of time until hackers set their sights on the OS. It looks like that day has finally come, as hackers have finally started to crack Apple’s code.
Just this week, researchers created Thunderstrike 2, which is the first firmware worm that attacks Macs, and in the past few months we’ve seen other issues such as bug stealing passwords, another that would allow attackers to gain access to a computer once it wakes from “Sleep mode” and more.
We’re not yet at the point where we are seeing full-scale attacks like we see on PCs, but these new exploits are a sign of a changing threat landscape when it comes to attacks against Mac technology. A year ago, many consumers still did not see a dire need to spend the money for antivirus and Internet security software, but these new exploits and bugs that are popping up more frequently show that it might be the right time to start protecting your Mac.