Monday, August 17, 2015

Apple Releases Update To Deal With Mac OS X Hole

Like what I have been saying before, albeit I have never written a post about it, the Mac OS will have to deal with bugs that allow hackers to get into its system in the future. Similar to Microsoft, it was necessary for Apple to release an update to plug a hole in its system or else access will be given to hackers to the entire OS.

The Mac OS X 10.10.5 update was released near the middle of last week to deal with a number of glitches and holes in the system. On particular hole was considered a rather serious threat to Mac users since it would allow hackers to control programs on a Mac from a remote location. Since hackers will have administrator rights, they can access just about everything in the operating system. A report from The Guardian revealed that the vulnerability was already exploited by an adware installer. 
Apple Releases Update To Deal With Mac OS X Hole

Mac OS X Yosemite
(Image Credit: http://
Yes, the Mac OS has been viewed as a more secure OS compared to Windows, but nothing ever lasts forever. Apple had to deal with a number of bugs in the past and none of them was comparable to what was discovered recently by Stefan Esser, a security researcher.  In a recent tweet, Esser revealed that the 10.10.5 update may have fixed a number of bugs in the system it also created another problem that is considered “worse than before. “ However, Esser did not give any indications as to what was made worse than before. SecurityWeek, a security news site, said Esser warned Mac users from installing the SUIDGuard kernel extension that prevents attacks that use the hole in the DYLD_PRINT_TO_FILE environment variable of the Mac OS X.

The main difference between Apple and Microsoft is that the latter regularly releases updates through the Patch Tuesday program where patches are released each month. The latest update of Apple deals with over a hundred bugs affecting the Mac OS X kernel, QuickTime, Bluetooth and the Notification Center of Mac, among others.

The details of the latest update indicate that vulnerability will allow local users to execute “arbitrary code with system privileges." A “path validation issue” was the main cause of the issue in the DYLD and the issue was dealt with through an enhanced sanitization of the environment, Apple revealed. No other statements were released by Apple in connection to its latest update.