A serious flaw has been discovered in the latest version of Apple’s OS X operating system.
Through the OS X Yosemite 10.10 flaw, hackers can attack a Mac without need of a password.
The exploit was discovered by Malwarebytes following earlier news of a vulnerability. It stems from a flaw in new error-logging features Apple has added to OS X 10.10, which essentially means that it’s now possible to add malware to Yosemite’s hidden list of root permissions (known as sudoers) without the usual password entry requirement.
This opens the door to the installation of malicious software on a Mac by hackers and other ne’er-do-wells.
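The article says the flaw allows changes to sudoers without a password prompt. As an added example (not from the article, Malwarebytes or Apple), this defender-side check flags sudoers rules that waive the password through the `NOPASSWD` tag; the sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample, not taken from a real system: a stock-looking sudoers
# file with one scoped NOPASSWD rule and one unrestricted rule appended.
SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/rsync, \\
        /usr/bin/tar
ALL ALL=(ALL) NOPASSWD: ALL
"""

NOPASSWD = re.compile(r"\bNOPASSWD\s*:")

def logical_lines(text):
    """Yield (first_line_no, rule) with continuations joined and comments dropped."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        buf += raw.strip()
        if buf.endswith("\\"):          # backslash continues the rule on the next line
            buf = buf[:-1] + " "
            continue
        # '#' opens a comment unless digits follow (then it is a uid such as #0)
        if buf and not re.match(r"#(?!\d)", buf):
            yield start, buf
        buf, start = "", 0

def audit_sudoers(text):
    """Return (line_no, severity, rule) for every rule that waives the password."""
    findings = []
    for n, rule in logical_lines(text):
        who = rule.split(None, 1)[0]
        if who.startswith("Defaults") or who.endswith("_Alias") or not NOPASSWD.search(rule):
            continue
        cmds = [c.strip() for c in NOPASSWD.split(rule, maxsplit=1)[1].split(",")]
        # Any user plus any command is unrestricted passwordless root
        severity = "critical" if who == "ALL" and "ALL" in cmds else "review"
        findings.append((n, severity, rule))
    return findings

if __name__ == "__main__":
    for n, severity, rule in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {n}: [{severity}] {rule}")
```

To audit a real machine, pass the contents of `/etc/sudoers` (read as root) to `audit_sudoers` and compare any findings against the rules you expect to be there.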
There’s been some controversy over how the flaw was found and dealt with. It was discovered by one Stefan Esser, who has attracted criticism because he didn’t notify Apple before making the flaw public – a major no-no in security software circles.
As Ars Technica points out, Esser himself has offered up a kernel extension that will help protect against these attacks, but of course installing such an unofficial fix is a risk in itself.
As Malwarebytes also points out, Apple has known about this exploit for some time now. Another, more responsible researcher apparently notified the company of the flaw before Esser spilled the beans. However, no fix has been forthcoming.