Vulnerability in Apple's OS X Could Allow for Privilege Escalation

ITS Advisory Number: 
2015-088
Date(s) Issued: 
Thursday, August 6, 2015
Subject: 
Vulnerability in Apple's OS X Could Allow for Privilege Escalation
Overview: 

A vulnerability has been discovered in Apple's OS X, which could allow for privilege escalation. Apple's OS X is an operating system for Apple computers.

There are reports of this vulnerability being exploited in the wild and no patch is currently available. Successful exploitation of this vulnerability allows an attacker to open, create, or modify files with root privileges which could result in the installation of malware or other unwanted programs, or the execution of arbitrary code.

Systems Affected: 
  • Apple's OS X version 10.10.4 and prior
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

A vulnerability has been discovered in Apple's OS X, which could allow for privilege escalation. The vulnerability exists in how the operating system handles the dyld dynamic linker and the DYLD_PRINT_TO_FILE environment variable. This vulnerability could allow for any file on the system to be opened or modified with root-like privileges. One such example could allow for the sudoers file to be modified to allow shell commands to be executed with root privileges without the need for a sudo password. This exploit has been reported in the wild and there is currently no patch available.

Successful exploitation of this vulnerability allows an attacker to open, create, or modify files with root privileges which could result in the installation of malware or other unwanted programs, or the execution of arbitrary code.

Actions: 
  • Once a fix is released by Apple, update immediately after appropriate testing.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially those from un-trusted sources.