Macs have flaws too — Researchers find security bugs in Apple computers

In case you had any doubts, Macs can have serious security vulnerabilities, just like Windows-based PCs.

A pair of flaws has come to light over the last month that could compromise Apple computers, leaving them vulnerable to malware. Apple has partially fixed one of the vulnerabilities and is working on a fix for the other, according to a report in the Guardian.

The more dangerous of the two flaws — and the one that for now remains unpatched — could allow malicious software to gain administrative rights over a Mac computer without users ever having to enter a password. That could allow the malicious software to install additional programs, change settings or run code in the background without a user’s knowledge.

Earlier this week, Malwarebytes reported finding adware that takes advantage of the vulnerability.

The bug, dubbed “DYLD,” was discovered by security researcher Stefan Esser who disclosed it in a blog post last month. According to Esser, the flaw was introduced to OS X in 10.10 Yosemite, the current version of the operating system that debuted last fall. Test versions of OS X 10.11 El Capitan, the next version of the Mac operating system that the company plans to release this fall, have a patch in place for it, the researcher reported.

According to the Guardian report, Apple plans to squash the bug in Yosemite soon with the upcoming 10.10.5 security update.

The other flaw affects the firmware of Mac computers. Firmware is the base software on a computer that is permanently stored in its memory and instructs the computer to load and run its operating system. The vulnerability, which has been given the nickname “Thunderstrike 2,” would allow a Mac’s firmware to be compromised by malicious software that could then be transferred to other computers.

Security researchers Xeno Kovah and Trammell Hudson earlier discovered a similar flaw in Windows-based PCs. They confirmed recently that the flaw exists on Macs as well. They devised a proof-of-concept that showed how malicious software exploiting the hole could be spread to other computers via a Thunderbolt-to-Ethernet adapter.

Having a vulnerability in firmware is particularly dangerous, because malicious software implanted there could be hard to detect or eradicate and could be used to monitor all of a user’s computer activities.

The firmware vulnerability is actually a collection of flaws. Apple has patched some but not all of them, the Guardian reported.

Photo: A Mac computer running the upcoming version of Apple’s computer operating system, OS X El Capitan, at the company’s Worldwide Developers Conference in June. (Karl Mondon/Bay Area News Group)



  • Don Smith

    Funny….I have had 4 macs hooked to the internet since early 2000’s….and I have never had a bug, or had to rebuild the OS….I bought a Dell for my kids to play some games on it….in one year, had to take it to Geek squad twice to have them rebuild the OS…..I guess if you look hard enough, you can come up with ‘click bait’ for anything.

    • USMC 8th and I

      “click bait”…..absolutely. Nothing but horror stories since Apple didn’t live up to the expectations of the almighty analysts. Now, I guess it’s time to cash in on the negative mood created by these gurus.
      I’ve never had a single problem with my Macs. But, there are plenty of Apple Bashers out there that feed on the negative stories, so I suspect they will keep on coming.
      Want to know how you become an Apple basher…….they’re the ones who were so busy doing the bashing that they missed all the profits.

      • Mario V

        You know this isn’t bashing Apple at all. It is warning everyone of a potential problem that can give admin privileges to outside users. That’s all it is and that is pretty serious actually. They are just letting people know about it.

    • BobBarker

      I’ve had a lot of PCs over time and never had to rebuild them…
      Someone I know got a PowerMac and had a lot of trouble with it, including a disk crash, and lost what was not backed up…I guess he was not lucky… or was it his kids’ fault…

    • Makikiguy

      You and me both.

  • Negin

    It’s a computer, no matter the OS. I have used both and never ran into issues. But many people that buy a computer don’t have a clue on how the thing works and they may end up hosing the thing.

  • Makikiguy

    When news stories use words like “could”, “maybe”, there isn’t much of a story. The world “could” end tomorrow 🙂