Security Researcher Reports Privilege-Escalation Bug in OS X

A privilege-escalation bug was identified in the latest version of Apple’s OS X this week by security researcher Stefan Esser. The vulnerability reportedly provides hackers with root user privileges that make it possible to infect Macs with rootkits and other malware. This type of bug is commonly used to bypass security protections created for applications and operating systems. According to Esser, the vulnerability can be found in OS X Yosemite 10.10.4 and the beta version of 10.10.5, but not in the recent beta version of El Capitan 10.11.

apple28Esser claims that privilege-escalation bugs were possible because standard safeguards were not included in new features added to OS X for logging system errors. This provided hackers with the opportunity to initiate files enabling root privileges.

“Hacking Team, the Italian malware-as-a-service provider that catered to governments around the world, recently exploited similar elevation-of-privileges bugs in Microsoft Windows,” reports Ars Technica.

“When combined with a zero-day exploit targeting Adobe’s Flash media player,” explains Ars, “Hacking Team was able to pierce security protections built into Google Chrome, widely regarded as the Internet’s most secure browser by default.”

Apple is expected to quickly patch the vulnerability. A company rep explained that its engineers are aware of Esser’s report.

Click here to access Esser’s original findings and a GitHub link to source code of a kernel extension that protects users from the vulnerability.