[MacTUG] MacOS 10.10 security vulnerability now being exploited

Mike Patterson mpatterson at uwaterloo.ca
Thu Aug 6 16:20:05 EDT 2015


That eliminates the current remote vector, although attackers have demonstrated they can get new signing certificates, which makes revoking the cert a workaround. Also, Gatekeeper in its default mode would block untrusted software, but I don’t know how many people actually run it in default mode. I don’t; mine is set to “Mac App Store and identified developers”, which I think would still block the revoked cert, but… well, see above.

The only real fix is Apple closing the OS hole. I don’t know how easy that is - I assume if it was, they’d have already done it.

Mike

> On Aug 4, 2015, at 9:20 PM, Glenn Anderson <glenn.anderson at uwaterloo.ca> wrote:
> 
> The page at http://www.imore.com/dyldprinttofile-and-malware-what-you-need-know states the following regarding DYLD_PRINT_TO_FILE, which seems to imply that it isn’t as easy for it to be installed as some articles suggest. Thoughts?
> 
> "It looks like Apple has already revoked the certificate used for the junkware, so Gatekeeper—Apple's system that blocks untrusted software—will prevent it from being launched without explicit user intervention. It also looks like Apple has at least begun to update OS X's automatic anti-malware definitions to recognize and reject the junkware, so it won't be able to be installed at all."
> 
> 
>> On Aug 4, 2015, at 8:27 PM, Mike Patterson <mpatterson at uwaterloo.ca> wrote:
>> 
>> https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-in-the-wild/
> 
