Lane Thames, Software Development Engineer and Security Researcher at Tripwire explains what the implications of zero-day vulnerability in OS X  can be :

Lane Thames, Software Development Engineer and Security Researcher at Tripwire

“Based on reports that are surfacing, this bug could open doors for malvertising. The Malwarebytes report suggests that this DYLD-Print_to_File zero-day bug was used by an adware installer that was able to add commands to the system’s “sudoers” file. The sudoers file in Unix-based operating systems such as OS X essentially allows an administrator to give non-administrative users privileged, administrative rights to run certain programs. If non-administrative users, i.e. non-root users, are able to update this file, then essentially they can take over the entire system, and that appears to be the case from the Malwarebytes adware analysis.”[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire logoTripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.[/su_box]

ISBuzz Staff
Expert Comments : 1
Security Articles : 12413

ISBuzz staff provides a brief synopsis and summary of the breaking information security news and topics to allow information security experts to provide their expert commentary on the breaking news or the topics.
Subscribe
Notify of
guest

0 Expert Comments
Inline Feedbacks
View all comments
Information Security Buzz
0
Would love your thoughts, please comment.x
()
x