Lane Thames, Software Development Engineer and Security Researcher at Tripwire explains what the implications of zero-day vulnerability in OS X  can be :

Lane Thames, Software Development Engineer and Security Researcher at Tripwire

“Based on reports that are surfacing, this bug could open doors for malvertising. The Malwarebytes report suggests that this DYLD-Print_to_File zero-day bug was used by an adware installer that was able to add commands to the system’s “sudoers” file. The sudoers file in Unix-based operating systems such as OS X essentially allows an administrator to give non-administrative users privileged, administrative rights to run certain programs. If non-administrative users, i.e. non-root users, are able to update this file, then essentially they can take over the entire system, and that appears to be the case from the Malwarebytes adware analysis.”[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire logoTripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.[/su_box]

ISBuzz Staff
Expert Comments : 0
Security Articles : 2521

ISBuzz staff provides a brief synopsis and summary of the breaking information security news and topics to allow information security experts to provide their expert commentary on the breaking news or the topics.