
Serious security flaw found in OS X

A serious flaw has been discovered in the latest version of Apple’s OS X operating system.

Through the OS X Yosemite 10.10 flaw, hackers can attack a Mac without needing a password.

The exploit was discovered by Malwarebytes following earlier news of a vulnerability. It stems from a flaw in new error-logging features Apple has added to OS X 10.10, which essentially means that it’s now possible to add malware to Yosemite’s hidden list of root permissions (known as sudoers) without the usual password entry requirement.

This opens the door to the installation of malicious software on a Mac by hackers and other ne’er-do-wells.
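A defender's check for the condition described above, added here as an example and not taken from the article or the researchers it cites: it scans the text of a sudoers file for rules that remove the password prompt or name an unexpected account. The sample file, the baseline of expected principals (root and %admin) and the function names are assumptions.

```python
import re

# Constructed sample: default-style entries plus appended rules (not from a real system).
SAMPLE_SUDOERS = """\
# sudoers file (constructed sample)
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(ALL) \\
        NOPASSWD: ALL
Defaults:bob !authenticate
"""

EXPECTED_PRINCIPALS = {"root", "%admin"}  # assumed baseline; adjust per host

def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def audit_sudoers(text, expected=EXPECTED_PRINCIPALS):
    """Return (line, reason) findings for rules that weaken the password prompt."""
    findings = []
    for n, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue  # comment or blank; #include files are not followed here
        if line.startswith("Defaults"):
            if re.search(r"!\s*authenticate\b", line):
                findings.append((n, "Defaults disables authentication"))
            continue
        if re.match(r"\w+_Alias\b", line):
            continue  # alias definitions are not expanded here
        principal = line.split()[0]
        if re.search(r"\bNOPASSWD\s*:", line):
            findings.append((n, f"NOPASSWD rule for {principal}"))
        if principal not in expected:
            findings.append((n, f"unexpected principal {principal}"))
    return findings

if __name__ == "__main__":
    print(*audit_sudoers(SAMPLE_SUDOERS), sep="\n")
```

On a real host, pass the contents of the sudoers file (read with administrator rights) to `audit_sudoers` and compare the findings against a known-good copy.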

There’s been some controversy over how the flaw was found and dealt with. It was discovered by one Stefan Esser, who has attracted criticism because he didn’t notify Apple before making the flaw public – a major no-no in security software circles.


As Ars Technica points out, Esser himself has offered up a kernel extension that will help protect against these attacks, but of course installing such an unofficial fix is a risk in itself.

As Malwarebytes also points out, Apple has known about this exploit for some time now. Another, more responsible researcher apparently notified the company of the flaw before Esser spilled the beans. However, no fix has been forthcoming.
