Title: DYLD_PRINT_TO_FILE exploit: What you need to know Post by: HCK on July 24, 2015, 09:00:18 am DYLD_PRINT_TO_FILE exploit: What you need to know
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><a href='http://www.imore.com/dyldprinttofile-exploit-what-you-need-know' title="DYLD_PRINT_TO_FILE exploit: What you need to know"><img src='http://www.imore.com/sites/imore.com/files/styles/large_wm_blw/public/field/image/2014/10/yosemite_design_mac_pro_hero_1.jpg?itok=N4ZCCiPV' />[/url]</p> <p class="intro">DYLD_PRINT_TO_FILE is a recently-disclosed privilege escalation vulnerability on OS X Yosemite.</p> <p>"Privilege escalation" means that if someone already has malicious code in your Mac, they can use something like DYLD_PRINT_TO_FILE to gain deeper access to the system. To make a bad analogy, if they've already broken into your house, they can break into the locked drawer in your desk as well. Stefen Esser (https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html):</p> <p>With the release of OS X 10.10 Apple added some new features to the dynamic linker dyld. One of these features is the new environment variable DYLD_PRINT_TO_FILE that enables error logging to an arbitrary file. [...] The problem with this code is that it does not come with any safeguards that are required when adding new environment variables to the dynamic linker.</p> <p>Esser goes on to say that the vulnerability does not affect OS X 10.11 El Capitan, but does affect all current versions of Yosemite. It's safe to assume Apple knows all of this and it'll be fixed in the next update for OS X 10.10 Yosemite as well.</p> <p>In the meantime, if you think you're at risk, and you're comfortable with kernel extensions, Essar has also posted an interim fix, called SUIDGuard on GitHub (https://github.com/sektioneins/SUIDGuard).</p> <p>Apple fixed multiple privilege escalation bugs in OS X 10.10.4 (https://support.apple.com/en-us/HT204942). Why this particular bug got more attention than those is likely due to how it was disclosed, its nature, and the easy headlines it made for re-bloggers.</p> <p>Again, OS X El Capitan is not vulnerable. El Cap also adds new features like System Integrity Protection (http://www.imore.com/os-x-el-capitan-first-look) which brings iOS-style root-level defense to the Mac, and along with existing systems like Gatekeeper, Sandboxing, anti-malware, and the Mac App Store make it harder for exploits of all types to do damage even if and when they're encountered.</p> <p>So, as always, stay informed but don't let any sensationalized headlines get to you.</p> </div></div></div><br clear='all'/> <a href="http://rc.feedsportal.com/r/234565991109/u/49/f/616881/c/33998/s/48621b6f/sc/15/rc/1/rc.htm" rel="nofollow"><img src="http://rc.feedsportal.com/r/234565991109/u/49/f/616881/c/33998/s/48621b6f/sc/15/rc/1/rc.img" border="0"/>[/url] <a href="http://rc.feedsportal.com/r/234565991109/u/49/f/616881/c/33998/s/48621b6f/sc/15/rc/2/rc.htm" rel="nofollow"><img src="http://rc.feedsportal.com/r/234565991109/u/49/f/616881/c/33998/s/48621b6f/sc/15/rc/2/rc.img" border="0"/>[/url] <a href="http://rc.feedsportal.com/r/234565991109/u/49/f/616881/c/33998/s/48621b6f/sc/15/rc/3/rc.htm" rel="nofollow"><img src="http://rc.feedsportal.com/r/234565991109/u/49/f/616881/c/33998/s/48621b6f/sc/15/rc/3/rc.img" border="0"/>[/url] <img src="http://da.feedsportal.com/r/234565991109/u/49/f/616881/c/33998/s/48621b6f/sc/15/a2.img" border="0"/> (http://da.feedsportal.com/r/234565991109/u/49/f/616881/c/33998/s/48621b6f/sc/15/a2.htm)<img width="1" height="1" src="http://pi.feedsportal.com/r/234565991109/u/49/f/616881/c/33998/s/48621b6f/sc/15/a2t.img" border="0"/><img width='1' height='1' src='(http://tipb.com.feedsportal.com/c/33998/f/616881/s/48621b6f/sc/15/mf.gif)' border='0'/><img src="http://feeds.feedburner.com/~r/TheIphoneBlog/~4/pPF45F1v6i0" height="1" width="1" alt=""/> Source: DYLD_PRINT_TO_FILE exploit: What you need to know (http://feedproxy.google.com/~r/TheIphoneBlog/~3/pPF45F1v6i0/story01.htm) |