
In case you had any doubts, Macs can have serious security vulnerabilities, just like Windows-based PCs.

A pair of flaws has come to light over the last month that could compromise Apple computers, leaving them vulnerable to malware. Apple has partially fixed one of the vulnerabilities and is working on a fix for the other, according to a report in the Guardian.

The more dangerous of the two flaws — and the one that for now remains unpatched — could allow malicious software to gain administrative rights over a Mac computer without users ever having to enter a password. That could allow the malicious software to install additional programs, change settings or run code in the background without a user's knowledge.

Earlier this week, Malwarebytes reported finding adware that takes advantage of the vulnerability.

The bug, dubbed DYLD, was discovered by security researcher Stefan Esser, who disclosed it in a blog post last month. According to Esser, the flaw was introduced to OS X in 10.10 Yosemite, the current version of the operating system, which debuted last fall. Test versions of OS X 10.11 El Capitan, the next version of the Mac operating system that the company plans to release this fall, have a patch in place for it, the researcher reported.

According to the Guardian report, Apple plans to soon squash the bug in Yosemite with the upcoming 10.10.5 security update.

The other flaw affects the firmware of Mac computers. Firmware is the base software on a computer that is permanently stored in its memory and instructs the computer to load and run its operating system. The vulnerability, which has been given the nickname Thunderstrike 2, would allow a Mac's firmware to be compromised by malicious software that could then be transferred to other computers.

Security researchers Xeno Kovah and Trammell Hudson earlier discovered a similar flaw in Windows-based PCs. They confirmed recently that the flaw exists on Macs as well. They devised a proof-of-concept that showed how malicious software exploiting the hole could be spread to other computers via a Thunderbolt-to-Ethernet adapter.

Having a vulnerability in firmware is particularly dangerous, because malicious software implanted there could be hard to detect or eradicate and could be used to monitor all of a user's computer activities.

The firmware vulnerability is actually a collection of flaws. Apple has patched some but not all of them, the Guardian reported.

Photo: A Mac computer running the upcoming version of Apple's computer operating system, OS X El Capitan, at the company's Worldwide Developers Conference in June. (Karl Mondon/Bay Area News Group)