German researcher finds new privilege escalation vulnerability in Mac OS X

German researcher Stefan Esser of security audit firm SektionEins has disclosed a local privilege escalation vulnerability in OS X (OS X 10.10 DYLD_PRINT_TO_FILE) that allows attackers to exploit a Mac system and is yet to be fixed in the latest OS release. This issue is yet to be fixed in Windows 10. OS X 10.10 DYLD_PRINT_TO_FILE is a new security flaw that affects OS X 10.10.x and is directly associated with new features that Apple added in its latest operating systems, Yosemite and El Capitan.

The new features relate to the dynamic linker dyld and the environment variable DYLD_PRINT_TO_FILE, which enables error logging to an arbitrary file.


“When this variable was added the usual safeguards that are required when adding support for new environment variables to the dynamic linker have not been used. Therefore it is possible to use this new feature even with SUID root binaries,” says Esser.

“This is dangerous, because it allows to open or create arbitrary files owned by the root user anywhere in the file system. Furthermore the opened log file is never closed and therefore its file descriptor is leaked into processes spawned by SUID binaries. This means child processes of SUID root processes can write to arbitrary files owned by the root user anywhere in the file system,” he added. The flaw can also result in privilege escalation and the hijacking of personal computers and laptops running OS X.

In a full technical brief on the vulnerability, the German security researcher warned that code execution is a danger to systems, as it installs a root shell. The researcher is not sure whether Apple is aware of the security flaw, as the flaw has already been patched in the first beta versions of OS X El Capitan 10.11. The same flaw has not been patched so far in the latest update, OS X 10.10.4, or in the current beta of OS X 10.10.5.

The researcher speculates that the patch may be the outcome of a code cleanup rather than a security sweep. “However, if this is the result of a security fix then Apple has once again shown how unsupported their current versions become the moment a new beta is in development,” the researcher added. Still, it is not clear whether Apple has released a patch for the flaw. Interestingly, security audit firm SektionEins has released the source code of a kernel extension named SUIDGuard to help users protect their systems from this vulnerability. The firm also released a digitally signed version, which can be downloaded from GitHub.

It is well-known that the tech giant has already launched a security update to patch many security flaws in iOS 8.4 and OS X 10.10.4.
