Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/PathDoc

Own a Mac? You'll want to know about these security flaws...

One of which would allow an attacker to install software onto your computer without needing a password.

THE GENERAL CONSENSUS is that Apple computers tend to be safer than Windows since it’s more controlled, but that might not be the case.

A flaw in OS X, the software that runs on Mac computers, allows hackers to attack a computer and install software on it whenever they wish.

The flaw concerns a hidden document called Sudoers which is a list of permissions each piece of software has on your computer. A change to how OS X Yosemite stores the list means malware can now be added to it and if an attacker gains access, they can install junkware onto your computer.

Security software company Malwarebytes say the first known exploit happened yesterday after one of its researchers found his Sudoers file modified after discovering and testing a new adware installer.

Currently, no fix for the problem has been released by Apple. There is an extension from security researcher and software developer Esser, but as Ars Technica notes, installing a patch that doesn’t come from the official developer can be risky and should only be installed once you check it out and know what you’re doing.

Thunderbolt 2

The other issue, recently patched by the latest update, involved a computer worm that can go deep inside Mac computers, and avoid detection by antivirus software.

The worm, which was designed by two security researchers, achieves this is by installing itself into a Mac’s firmware – the software used to boot up a computer – which antivirus software doesn’t scan.

Once it’s there, it can spread between devices that are not networked by travelling through a Thunderbolt Ethernet adapter, writing itself into a Mac’s firmware  and remaining undetected.

The worm, called Thunderstrike 2, can also avoid an entire system reboot, and was discovered by two security researchers, who informed Apple about the flaw.

The first Thunderstrike exploit required the hacker to have physical access to the computer, but this one bypasses this problem and can be delivered via a link. Both exploits were fixed by recent updates, the latest update to OS X (10.10.4) prevents this from happening.

One of the researchers who designed the worm, Xeno Kovah, told Wired that the nature of the attack meant that there would be only one real way for most people to get rid of it: replace the machine entirely.

[It's] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware… For most users that’s really a throw-your-machine-away kind of situation.

LegbaCore / YouTube

Read: Not content with just smartphones, Apple wants to launch its own mobile network >

Read: Can your phone’s battery really be used to spy on you? >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Author
Quinton O'Reilly
View 14 comments
Close
14 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds