Apple Squashes Serious Security Bug With Update to Mac OS X

Yahoo Tech

August 14, 2015 at 2:17 PM

This article, Apple squashes serious security bug with update to Mac OS X, originally appeared on CNET.com.

Apple has fixed a bug in its desktop operating system that could have given hackers access to the entire OS.

Released on Thursday, Mac OS X 10.10.5 resolves scores of holes and technical glitches. But one serious bug in particular was squashed along with the rest. Known as DYLD, this vulnerability in Apple’s OS X was considered serious because it enables hackers to remotely run a program on a Mac using administrator rights, which opens up wide access to the entire operating system. The vulnerability had already been exploited “in the wild,” or in the real world, according to the Guardian, with at least one adware installer taking advantage of it.

The Mac OS has long enjoyed a reputation as more secure than Windows. But just like Microsoft, Apple has to do its fair share of patching with regular updates and bug fixes. The latest update resolves more than 100 different bugs affecting Bluetooth, QuickTime, the Mac OS X kernel, the Mac’s Notification Center and other features. In the past, Apple has sometimes been slow about patching individual bugs, whereas Microsoft rolls out a series of patches on a monthly basis through its Patch Tuesday program.

Apple’s details on the bug fix, which is available for OS X Yosemite versions 10.10 through 10.10.4, said that with the vulnerability, “a local user may be able to execute arbitrary code with system privileges.” Apple noted that the problem was due to a “path validation issue” in DYLD and that the issue was addressed through “improved environment sanitization.” Apple did not immediately reply to CNET’s request for a layman’s explanation of these terms.

The DYLD bug was first reported by security researcher Stefan Esser. In a tweet posted late Thursday, Esser said: “Hmm so Apple released 10.10.5 fixed some bugs and made another security problem worse than before.” Esser didn’t reveal which security problem was allegedly made worse. But he reportedly has advised Mac users not to uninstall his SUIDGuard kernel extension, which guards against attacks that take advantage of the DYLD hole, according to security news site SecurityWeek.

Also from CNET:

Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
Rory McIlroy files for divorce from wife Erica after seven years of marriage
On the eve of the PGA Championship, Rory McIlroy has filed for divorce from his wife, Erica.
Yahoo Sports
2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set
With the lottery order set, here's a look at Yahoo Sports' projections for both rounds of the 2024 NBA Draft.
Yahoo Sports
What scouts think of Bronny James' NBA prospects
The biggest question looming over the NBA draft combine this week: How will Bronny James do?
Yahoo Sports
Your favorite WNBA rookies didn’t make the cut. So what’s their path back to the league?
For rookies who were waived, the climb to their pro dreams is steeper, but the path ahead is well-worn with trail markers of established success.
Yahoo Sports
2024 NFL schedule release: Here are the games we know before Wednesday's full announcement
Before Wednesday arrives, football fans got some appetizers as some games were formally announced.
Yahoo Sports
Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?
In one scenario, Dallas makes Prescott the highest paid player in NFL history. In another, the Cowboys decline that commitment, at which point another team will make him the top paid player in NFL history.
Yahoo Finance
Utility stocks are on fire — here are Wall Street analysts' top picks
Utility stocks are outperforming the broader markets. Here's a look at three top picks from analysts.
Yahoo Sports
MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list
Here's a look at the rookies who have stood out on each team through the first quarter of the 2024 season.
Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Autoblog
Best used cars to buy in 2024: From trucks and SUVs to EVs
The best used cars to buy in 2024 include small and midsize cars, trucks, crossovers and SUVs, and even a couple of used electric cars.
Yahoo Sports
NFL schedule release: Chiefs to host Ravens in 2024 season opener
Chiefs vs. Ravens on Sept. 5 will be a rematch of last season's AFC Championship Game.
Yahoo Finance
Here's 1 big investing mistake you are probably still making
Maybe a 5% CD isn't the best choice for your hard-earned money.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Yahoo Sports
Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers
Fantasy baseball analyst Fred Zinkie offers up his top buy low/high and sell low-high candidates for Week 6.
Yahoo Sports
Architect of PGA-LIV framework agreement resigns in frustration: 'No meaningful progress' toward a deal
Jimmy Dunne cited 'no meaningful progress' being made in negotiations between the PGA Tour and LIV Golf as a reason for his resignation.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
NASCAR to launch 32-driver in-season tournament
No doubt diehard fans will view this as yet another act of desperation by NASCAR to curb its ratings woes.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Apple Squashes Serious Security Bug With Update to Mac OS X

Recommended Stories

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

Rory McIlroy files for divorce from wife Erica after seven years of marriage

2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set

What scouts think of Bronny James' NBA prospects

Your favorite WNBA rookies didn’t make the cut. So what’s their path back to the league?

2024 NFL schedule release: Here are the games we know before Wednesday's full announcement

Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?

Utility stocks are on fire — here are Wall Street analysts' top picks

MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

Best used cars to buy in 2024: From trucks and SUVs to EVs

NFL schedule release: Chiefs to host Ravens in 2024 season opener

Here's 1 big investing mistake you are probably still making

The best RBs for 2024 fantasy football, according to our experts

The best budgeting apps for 2024

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers

Architect of PGA-LIV framework agreement resigns in frustration: 'No meaningful progress' toward a deal

Social Security just passed Medicare as the government's most pressing insolvency risk

NASCAR to launch 32-driver in-season tournament