Since many of our blog readers are Mac users, we would like to point out an important system update and recommend installing it as soon as possible.
Apple released a massive update to its current version of Mac OS X (El Capitan, v10.11.4) on Monday, patching serious vulnerabilities in the desktop OS, including some that allow hackers to take total control of your machine.
One of the flaws, which is fixed in this update, would allow an attacker to run code with root permissions thus performing privilege escalation, ultimately leading to a permission-less user being granted root access. This means an attacker would have full access to a person’s Mac. Ian Beer, a member of Google’s Project Zero security team, reported this bug last December.
The vulnerability is in fact a race condition window that was actually documented in the code of the XNU/Mac OS X kernel. It was only a matter of time until a researcher found and exploited it.
Screenshot taken from kern_exec.c – source file of the XNU kernel BSD subsystem
With any vulnerability, there’s always the possibility that hackers have known about the flaw before a patch was developed, giving them plenty of time to develop an exploit.
Given the severities of these vulnerabilities, all Mac users should update their computers immediately. Also, people who haven’t upgraded to El Capitan (v10.11), should do so immediately. This version of OS X is more secure than Yosemite and other earlier versions, especially with the latest update.
Macs are getting more popular, which means more threats are coming Apple’s way, as Cybereason Labs discussed in a recent research report.
Don’t skip the update process, which Apple outlines on its website. Some of these flaws are nasty if exploited. To learn more about the update, check out Apple’s release notes.
Amit Serper is the Lead Mac OS X and Linux Security Researcher at Cybereason.