Why you shouldn't freak out about this week's scary-sounding Mac exploits<article>
<section class="page">
<p>
One set of researchers explains how a modification to your Macintosh’s boot-up firmware can persist undetectably and spread through peripherals to other computers. Another researcher’s work from a month ago is found in the wild, installing adware through a hidden escalation in user privileges. Both sound terrible, but neither is quite what it seems.</p><h2>De-escalate your privilege, buddy</h2>
<p>
A month ago, a security researcher who has found previous flaws in iOS, Stefan Esser,
documented a problem in OS X about which he didn’t warn Apple in advance. Starting in Yosemite, OS X allowed software to log errors to an arbitrary file. Esser discovered that this could be used maliciously to write to files that only a root user should be able to. He took that weakness to demonstrate how one might escalate privileges, allowing a regular user without administrator or root access to run any software he or she wishes.</p><p class="jumpTag"><a href="/article/2956628/security/why-you-shouldnt-freak-out-about-this-weeks-scary-sounding-mac-exploits.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>
Source:
Why you shouldn't freak out about this week's scary-sounding Mac exploits
