Mac users have been warned of the first worm that can automatically download 'adware' to their machines.It comes just days after a second warning over firmware hacks was revealed - although Apple has already developed a fix.The new privilege-escalation bug stems from new error-logging features that Apple added to OS X 10.10, the latest version of its Mac software.
It was first revealed last week, but was believed to be theoretical.Now researchers say the first use of the technique has been spotted in the wild.Researchers from anti-malware firm Malwarebytes said a new malicious installer is exploiting the vulnerability to surreptitiously infect Macs with several types of adware including VSearch, a variant of the Genieo package, and the MacKeeper junkware.
Last month, Stefan Esser blogged about a zero-day vulnerability in OS X, without having informed Apple about the problem first. Now, it appears hackers were quick to capitalise on it. The exploit allows the hackers to install software without the need for a password. The script installs VSearch, and the installer will also install a variant of the Genieo adware and the MacKeeper junkware.
As its final operation, it directs the user to the Download Shuttle app on the Mac App Store.
It is believed Apple is developing a fix, and has already revoked the software's privileges, meaning users see a warning if it tries to install. The fix has also been available for several days for users running the latest test versions of Apple's software, and is expected to roll out to everyone else within days. Esser said the flaw is present in the current 10.10.4 version of OS X, as well as a beta version of 10.10.5 he recently tested.
However, today he admitted the latest beta version DOES protect users. He said his exploits didn't work against a beta version of 10.11, an indication Apple developers already knew of the vulnerability and have been testing a fix.
'It's worrying to see the vulnerability is now being exploited by bad guys, and the lack of response so far from Apple as to how they expect Yosemite users to protect themselves,' said security expert Graham Cluley on his blog.
The second issue affects the Mac's firmware.
The Thunderstrike firmware bug uses a mix of weaknesses in the firmware of a computer, the embedded operating system which runs the lowest-level functions such as fans, power supply units, and USB ports, and lets the researchers overwrite that software with their own code, and five of these six weaknesses are present on Macs as well as PCs.
Two researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of MACs. The researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.
The researchers notified Apple, which has patched two of the vulnerabilities, but three remain unpatched, it is believed. According to Wired, 'The attack raises the stakes considerably for system defenders since it would allow someone to remotely target machines—including air-gapped ones—in a way that wouldn’t be detected by security scanners and would give an attacker a persistent foothold on a system even through firmware and operating system updates.'
Like us on Facebook →