Monday, 10 August 2015

Watch Out for These Serious Mac Attacks

Apple’s esteemed line of Mac devices are about to go through troubled times with the emergence of new age advanced bugs and glaring loopholes in Apple’s operating system. Security researchers had unearthed a new kind of vulnerability in the Mac devices, which allows the hackers install devious ad-wares like VSearch without even requiring the password. VSearch is a notorious malware, which infects the Mac devices with numerous pop-up ads and redirects the users to different search engine whenever they try to use Google.

VSearch bug reported earlier by vigilant security researcher

A German security researcher named Stefan Esser had made this bug public earlier this week. It should be noted that the generally accepted protocol is to inform Apple about the new bug discoveries not to disclose it to the public and cause a furor. Some of the hackers had already taken advantage of this bug found by the German researcher. They had actively used this newfound vulnerability to attack Macs devices as said by a security company named MalwareBytes in their blogpost.

How this bug works and how it can be neutralized?

This bug is designed to effectively take advantage of the Mac OS X 10.10 (Yosemite) features that determines which programs are allowed to make changes on the computer without the need of password. Yosemite makes a list of those programs and keeps it hidden in a file named Sudoers. However, this bug allows the malware to get listed in the Sudoers file which simply means that the malware gets the capability to install any in any part of the OS without users approval via password.

Esser had provided a fix to solve this malware issue. It should also be noted that next patch for the Yosemite will include the bug fix because even Apple about this vulnerability for a while.

Another deadly bug, which take over the control of Mac device

Another group of security researchers had found a more threatening bug, which has the ability to take permanent control of the Mac device. Users can effectively get rid of most vicious malwares by reinstalling the operating system but this new vulnerability in Mac devices turn the game away from the users. Using this particular vulnerability hacker can easily install the malware directly in the computer’s firmware, which is responsible for booting up the computer.

A team of researchers had developed this worm and named it Thunderstrike 2 which can easily take the advantage of this security flaw in Mac deices.

This worm can be installed on the computer just like any other malware where people happen to click on wrong links or fails to the ploy of phishing scam. Once installed this malware takes a nastier turn and keeps looking for the devices connected to Mac in order to load them with worm. Other users when uses the same infected Ethernet adapter happens to get their Mac devices infected too. This bug has not been fixed till now by the Apple.