OS X privilege escalation exploit makes for silent-killer malware
by from Techreport on (#GCY5)
A zero-day vulnerability in OS X Yosemite has been exploited in the wild, and it's a doozy. According to Malwarebytes, a script that exploits the vulnerability can give a user root privileges without the need for a password prompt, which then allows malware running under that user's account to do untold harm to a vulnerable Mac.
OS X (as well as other *nix operating systems) maintains a list of users who can access root privileges, called sudoers. The script in question uses the vulnerability, called DYLD_PRINT_TO_FILE, to modify the sudoers file to grant those ...
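A defender can audit for this kind of change by listing every sudoers rule that skips the password prompt. The sketch below is an added example, not code from the article or from Malwarebytes; the sample file contents and the function names are constructed for illustration, and it assumes the passwordless grant uses the standard sudoers `NOPASSWD:` tag.

```python
import re

# Constructed sample, not taken from any real system: ordinary rules plus
# one appended passwordless grant of the kind the article describes.
SAMPLE_SUDOERS = """\
# sudoers file.
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
# alice ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: \\
        /usr/bin/rsync
alice ALL=(ALL) NOPASSWD:ALL
"""

SKIP = re.compile(r"^(Defaults|(User|Runas|Host|Cmnd)_Alias)\b")
NOPASSWD = re.compile(r"\bNOPASSWD\s*:")


def logical_lines(text):
    """Yield (first_line_number, joined_line), folding backslash continuations."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = num
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf


def passwordless_grants(text):
    """Return (line, who, unrestricted) for every rule tagged NOPASSWD."""
    hits = []
    for num, line in logical_lines(text):
        line = line.strip()
        # '#' starts a comment unless it introduces a numeric uid such as '#501'.
        if not line or (line.startswith("#") and not re.match(r"#\d", line)):
            continue
        line = re.split(r"\s#(?!\d)", line)[0].strip()  # drop trailing comment
        if SKIP.match(line) or "=" not in line:
            continue
        m = NOPASSWD.search(line)
        if m:
            commands = line[m.end():].strip()
            hits.append((num, line.split()[0], commands == "ALL"))
    return hits
```

Feed it the contents of `/etc/sudoers` and any files under `/etc/sudoers.d`, read as root, and compare the hits against the rules you expect to exist. It does not cover the `Defaults !authenticate` option, which also disables the prompt.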