Authored by a Symantec employee
A critical new vulnerability that can be used to forcibly install software on MacBooks without the users’ consent or administrator password has been discovered on MacBooks running OS X Yosemite, version 10.10. To exploit this bug, attackers create malware that masquerades as adware. When the “adware” is installed, the malware modifies a file in the OS that controls whether you need a password for certain commands, such as installing new software programs. Doing so allows a malicious program to run as though it is the administrator of the computer.
How is it spread?
Victims are tricked into downloading the malware via phishing emails, chats or other messages with attachments or links. Once the attachment is opened, the software then uses the bug to silently install more adware and other greyware.
How To Stay Safe:
Apple is aware of the issue but has not yet issued a patch. Currently, Norton protects agains this, antivirus coverage is in place as Bloodhound.Exploit.557 and OSX.SudoPrint. Still, it is important to use extra caution when you receive suspicious messages from senders, especially ones containing an attachment or link. Additionally, you should keep your OS up-to-date to ensure that you have the latest security features.
Apple’s OS has been known for its strong security features over the years, however, it was just a matter of time until hackers set their sights on the OS. It looks like that day has finally come, as hackers have finally started to crack Apple’s code.
Just this week, researchers created Thunderstrike 2, which is the first firmware worm that attacks Macs, and in the past few months we’ve seen other issues such as bug stealing passwords, another that would allow attackers to gain access to a computer once it wakes from “Sleep mode” and more.
We’re not yet at the point where we are seeing full-scale attacks like we see on PCs, but these new exploits are a sign of a changing threat landscape when it comes to attacks against Mac technology. A year ago, many consumers still did not see a dire need to spend the money for antivirus and Internet security software, but these new exploits and bugs that are popping up more frequently show that it might be the right time to start protecting your Mac.
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.