Apple to patch actively exploited privilege escalation bug in OS X 10.10.5 - report
A recently discovered flaw in Apple's desktop operating system that allows attackers to gain root-level access without requiring users' passwords will reportedly be fixed in the final release of OS X 10.10.5, which is already in beta.
There is no word on exactly what steps Apple will take to mitigate the problem, or whether the company will issue security patches for older versions of OS X. The decision to include a patch in OS X 10.10.5 was first reported by The Guardian.
The privilege escalation bug, first discovered last week, exploits a vulnerability in OS X Yosemite's error logging features. Specially crafted applications can use this back door to modify OS X's sudoers file without asking the user for their password, in effect granting themselves root access.
At least one malware creator is already exploiting the bug in the wild. The malicious application installs the VSearch and Genio adware alongside the much-maligned MacKeeper app.
A second vulnerability, dubbed Thunderstrike 2, that allows Thunderbolt devices to help spread a worm which lets attackers overwrite a Mac's firmware, was reportedly partially addressed in OS X 10.10.4.