Zero-Day Vulnerability in Mac OS X

By   ISBuzz Team
Writer , Information Security Buzz | Aug 13, 2015 05:00 pm PST

Lane Thames, Software Development Engineer and Security Researcher at Tripwire explains what the implications of zero-day vulnerability in OS X  can be :

Lane Thames, Software Development Engineer and Security Researcher at Tripwire

“Based on reports that are surfacing, this bug could open doors for malvertising. The Malwarebytes report suggests that this DYLD-Print_to_File zero-day bug was used by an adware installer that was able to add commands to the system’s “sudoers” file. The sudoers file in Unix-based operating systems such as OS X essentially allows an administrator to give non-administrative users privileged, administrative rights to run certain programs. If non-administrative users, i.e. non-root users, are able to update this file, then essentially they can take over the entire system, and that appears to be the case from the Malwarebytes adware analysis.”[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire logoTripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.[/su_box]

Subscribe
Notify of
guest
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

0
Would love your thoughts, please comment.x
()
x