"The modification made to the sudoers file, in this case, allowed the app to gain root permissions via a Unix shell without needing a password," wrote Thomas in an Aug. ![]() Mac users are typically required to enter an administrator password before installing code to their systems. Malwarebytes' Adam Thomas found the vulnerability exploit in the wild after examining an adware installer, which used the escalation of privilege flaw to drop its payload without the user's knowledge. According to a Korean researcher who goes by the nickname "beist" on Twitter, the bug had been reported to Apple before Esser revealed the flaw.Įsser took heat from some quarters for not informing Apple before publishing his findings. ![]() ![]() The vulnerability - which is Yosemite-specific - was publicly disclosed last month by German researcher Stefan Esser, who also posted exploit code.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |