Apple promises fix for major security flaw in OS X Yosemite

Apple has promised it will fix a major vulnerability which recently cropped up in its OS X Yosemite operating system.

The worrying zero-day vulnerability allows malware authors to modify a hidden configuration file to get root permissions on the victim machine, security firm Malwarebytes explained in a blog post, allowing for the installation of adware and other assorted malware nastiness.

This was particularly concerning as knowledge of the exploit flooded the internet, yet OS X 10.10.4, the current version of Apple’s desktop OS, remains vulnerable.

So it's not too surprising to hear that Apple has been in touch with the press – the Guardian in this case – to promise that the vulnerability will be fully patched and cured in the next update of OS X, version 10.10.5.

That puts paid to the gossip on the security grapevine that Apple might not issue a fix until the next incarnation of OS X, El Capitan, which follows on from Yosemite.

Even so, bear in mind that right now, this exploit is still a danger – though note that you do have to install an unsigned third-party app on your Mac to be infected by the dodgy adware-spreading script. (OS X won’t even let you do that by default, of course, and anyone who’s messed with the default settings will hopefully be savvy enough not to be installing random programs from potentially suspect sources.)

Another major bug going by the name of Thunderstrike 2 has also been causing big problems for Apple's reputation in terms of the security of the firm's computers.

This worm could be spread via a website and let attackers overwrite a machine's firmware, though a patch has already addressed the web page vulnerability (but this particular miscreant can still be spread via Thunderbolt devices).