Attackers exploit the Privilege Escalation 0-day in Mac

Learn on Udemy Today!

Adam Thomas, a researcher from Malwarebytes, has discovered a new adware installer that exploits of a zero vulnerability in Apple’s DYLD_PRINT_TO_FILE variable in the wild which helps to uses to install unwanted programs including VSearch, a variant of the Genieo package, and the MacKeeper junkware.

The vulnerability which is being exploited by this adware was first uncovered by a researcher Stefan Esser a month ago. However, this researcher did not first report about the flaw to the company concerned.
The adware was able to change the Sudoers file – s a hidden Unix file that determines, among other things, who is allowed to get root permissions in a Unix shell, and how.

 The modification made to the sudoers file, in this case, allowed the app to gain root permissions via a Unix shell without needing a password.

According to a post by MalwareBytes, if anyone installs VSearch, the installer will also install a variant of the Genieo adware and the MacKeeper junkware. As its final operation, it directs the user to the Download Shuttle app on the Mac App Store.

However, Apple has still not turned up to fix the problem. 

Leave a Reply