DYLD_PRINT_TO_FILE is an OS X 10.10 Yosemite vulnerability that could allow malicious code on your Mac to escalate its privileges—gain "root" access—and potentially exploit the system. Now an anti-malware company named Malwarebytes has reported finding just such an exploit "in the wild", meaning it's already being used to try to install malware on Macs.
What does the malware do?
The malware uses DYLD_PRINT_TO_FILE to modify "sudoers"—a file that controls what commands can be run on your Mac, and what passwords are needed to run them, and by whom—so it can launch VSInstaller, which then installs junkware.
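A defender's check for the tampering described above, as an added example that is not from the original article or from Malwarebytes: it scans sudoers text for rules that waive the password prompt. The article does not say what the malware writes, so the passwordless-rule pattern and the sample file (user names included) are assumptions.

```python
import re

SAMPLE_SUDOERS = """\
# constructed sample, not taken from an affected machine (assumption)
Defaults env_reset
root     ALL=(ALL) ALL
%admin   ALL=(ALL) ALL
deploy   ALL=(root) NOPASSWD: /usr/sbin/softwareupdate, \\
         /usr/bin/true
someuser ALL=(ALL) NOPASSWD:ALL
"""

COMMENT = re.compile(r"(^|\s)#(?!include|\d).*")   # keep #include and #uid forms
USER_SPEC = re.compile(r"(\S+)\s+[^=]+=\s*(.*)")
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias", "#include")

def logical_lines(text):
    """Yield (first_line_no, rule): comments dropped, backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = COMMENT.sub("", raw).rstrip()
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None

def audit(text):
    """Return (line_no, who, scope) for every rule that waives the password prompt."""
    findings = []
    for n, rule in logical_lines(text):
        m = USER_SPEC.match(rule)
        if rule.startswith(SKIP) or not m:
            continue
        who, rest = m.groups()
        tag = re.search(r"NOPASSWD\s*:\s*(.*)", rest)
        if not tag:
            continue
        # Drop any further tags (e.g. "SETENV:") in front of each command.
        cmds = [re.sub(r"^(?:[A-Z_]+\s*:\s*)+", "", c.strip()) for c in tag.group(1).split(",")]
        findings.append((n, who, "all" if "ALL" in cmds else "limited"))
    return findings

if __name__ == "__main__":
    for n, who, scope in audit(SAMPLE_SUDOERS):
        print(f"line {n}: {who} runs {scope} commands without a password")
```

On a real system, pass the contents of /etc/sudoers (readable only as root) to `audit()` and compare the findings against the rules you expect to be there.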
Has Apple patched the problem?
DYLD_PRINT_TO_FILE has already been patched in the OS X 10.11 El Capitan beta and in the OS X 10.10.5 beta. While El Capitan is only coming later this fall, OS X 10.10.5 should be imminent.
What else can and has Apple done?
It looks like Apple has already revoked the certificate used for the junkware, so Gatekeeper—Apple's system that blocks untrusted software—will prevent it from being launched without explicit user intervention. It also looks like Apple has at least begun to update OS X's automatic anti-malware definitions to recognize and reject the junkware, so it won't be able to be installed at all.
What do certificates and definitions have to do with this?
Effective security comes in layers. Properly fixing and testing patches takes time, and not everyone updates immediately. Given those realities, the ability to revoke certificates and add signatures, when coupled with technologies like Gatekeeper and built-in anti-malware, helps prevent malicious code from executing even if it does make it onto an unpatched system.
OS X El Capitan technologies like System Integrity Protection will take this even further by limiting the harm an exploit could cause even if it did manage to escalate its privileges to root.
Apple also provides the Mac App Store as a safer and more secure place to download software from, so OS X customers aren't left to internet download sites that are typically strewn with junkware and malware.
Do I need to worry about this malware?
Malware is a problem. OS X 10.10.5 and the DYLD_PRINT_TO_FILE patch need to be released as fast as engineering and quality assurance allow, and when they are, we need to update ASAP. In the meantime, certificates need to be revoked and malware definitions updated just as soon as new exploits are discovered.
But malware exists well beyond DYLD_PRINT_TO_FILE. If you download files from places you can't trust, you're at high risk of getting junkware and potentially worse on your Mac. Apple needs to fix bugs when they're discovered, and needs to keep putting as many blockades in the way of malicious software as the company can, but we need to do our part as well.
That means only downloading from trusted sites like the Mac App Store, Adobe.com, Microsoft.com, and well-known developers with solid reputations, and it means being very careful about the links you click in emails, on social networks, and in other forums.