Local Privilege Escalation Vulnerability "DYLD_PRINT_TO_FILE" Found in Latest Mac OS X Version 10.10



Researchers have identified a local privilege escalation (LPE) vulnerability in the Mac OS X operating system. Apple appears to be aware of the issue, but the company has not fixed it in current releases.

German researcher Stefan Esser of the security audit firm SektionEins disclosed the vulnerability on Tuesday. The security flaw affects OS X 10.10.x and relates to new features that Apple added in the latest versions of the OS, Yosemite and El Capitan.
The vulnerability concerns DYLD_PRINT_TO_FILE, an environment variable that enables error logging to arbitrary files. Apple introduced the feature to the dynamic linker "dyld" with the release of OS X 10.10.

"When this variable was added, the usual safeguards that are required when adding support for new environment variables to the dynamic linker have not been used. Therefore it is possible to use this new feature even with SUID root binaries," Esser explained.

"This is dangerous, because it allows to open or create arbitrary files owned by the root user anywhere in the file system. Furthermore, the opened log file is never closed and therefore its file descriptor is leaked into processes spawned by SUID binaries. This means child processes of SUID root processes can write to arbitrary files owned by the root user anywhere in the filesystem."

Esser revealed that the local privilege escalation vulnerability also affects jailbroken iPhones running iOS 8.x.
This, in turn, allows privilege escalation and computer hijacking to take place.
However, Apple fixed the flaw in the beta versions of OS X El Capitan 10.11, but not in the current OS X 10.10.4 or the beta version of OS X 10.10.5. OS X 10.11 is expected in late September or early October.