Apple will soon push out a fix for a new security bug that's affected users of its Mac operating system.
Reported in early July, the bug in the OS X environment variable DYLD_PRINT_TO_FILE is considered a serious hole as it could allow hackers to remotely run a program on a Mac using administrator rights, which potentially opens up wide access to the entire operating system. The vulnerability has already been exploited "in the wild," according to the Guardian, leading to at least one adware installer taking advantage of it to further its capabilities.
In response, Apple will fix the bug in the next update to its Mac OS X, specifically OS X 10.10.5. The initial beta of the next security update did not contain the patch, the Guardian said, leading to some concern that it might not be resolved until El Capitan is released in the fall.
Apple has long enjoyed a reputation as a more secure operating system than Windows. And, yes, Windows does get bitten by a fair number of bugs, forcing Microsoft to roll out patches and fixes on a regular basis. But Apple's Mac OS is hardly immune from security flaws. Bugs have popped up in the past, including thein April 2014, and uncovered by Google's Project Zero security team in January. In the past, Apple has sometimes been slow about patching bugs, raising concerns among security experts and OS X users.
But the latest beta for the next update to OS X 10.10.5 does include the fix for the DYLD exploit, according to security researcher Stefan Esser, who first reported the bug. On July 31, Esser tweeted: "Looks like dropping DYLD_PRINT_TO_FILE exploit resulted in Apple having fixed it in OS X 10.10.5 beta '2' - suddenly they can work 'faster.'"
Sources close to the matter also confirmed to CNET that the latest public beta of OS X 10.10.5, created on July 30, does come with the necessary patch. Typically, a public beta of an update to OS X takes around two weeks before it reaches Mac users. So OS X users should expect the fix to roll out in the next week or so.
On Tuesday, Apple also updated its, a security feature that filters out malware, to catch any malware that taps into the DYLD vulnerability.
Apple has taken other steps to prevent further exploits of the hole, the Guardian said. The company will now revoke the credentials of any developer who exploits the vulnerability and will place any app that taps into the bug on its list of malware. But Mac users still need to make sure they're protected against the bug until the actual security patch is released.
That naturally raises the topic of whether or not you should run anti-malware software on a Mac. Many Mac users have contended that security software is not necessary as the Mac is a secure operating system, especially with such features as XProtect. But given that bugs do crop up from time to time, and Apple isn't always quick on the draw to squash them, installing a good security program on your Mac may be a good idea at this point.
Updated at 10:17 a.m. PT with more details and our own confirmation of the patch.
Apple - USE TAG
reading•Apple to patch serious security hole in Mac OS X
Nov 18•Black Friday 2018 smart home deals: Google Home Hub, Facebook Portal, Apple HomePod, Alexa gadgets and more
Nov 18•Tech Turkeys 2018: The biggest screwups in tech this year
Nov 18•Black Friday 2018 iPhone deals: iPhone XR and XS for $150 off, free $400 iPhone X gift card
Nov 18•We took the iPhone XS and XR into 26 foot deep water. Only one survived