Mac OS X Exploit Emerges After Patch
Exploit code for a patched flaw in the Mac OS X operating system was discovered over the weekend, which allows an attacker to gain full system access through flaws in the core of the operating system. Apple provided a fix for the issue in a security update issued last week.
Researchers with Matasano Security, who are credited with discovering the flaw, said the malicious code appeared to be a zero-day exploit and may have been available on the Internet before Apple released its patch. Tuesday's news also highlights attackers' increasing focus on Mac OS X.
Whereas in the past, attacks have primarily been focused on Microsoft Windows, the increasing popularity of Apple has caused some hackers to re-focus their attention. Moreover, the Cupertino company's boasts that its operating system is "virus-free" may give cybercriminals extra impetus to attempt to hack Macs.
It should be noted that, on its own, the Mac OS X exploit does nothing malicious, only showing the attacker that they can gain the necessary user rights. Once the attacker has those rights, he or she can perform any action they want.
At the most risk are those with computers containing multiple user accounts, or those who use remote access features, Matasano said. Additionally, a user must be logged into their computer in order for an attacker to take advantage of the flaw.