"Privilege escalation" means that if someone already has malicious code in your Mac, they can use something like DYLD_PRINT_TO_FILE to gain deeper access to the system. To make a bad analogy, if they've already broken into your house, they can break into the locked drawer in your desk as well. Stefen Esser:
With the release of OS X 10.10 Apple added some new features to the dynamic linker dyld. One of these features is the new environment variable DYLD_PRINT_TO_FILE that enables error logging to an arbitrary file. [...] The problem with this code is that it does not come with any safeguards that are required when adding new environment variables to the dynamic linker.
Esser goes on to say that the vulnerability does not affect OS X 10.11 El Capitan, but does affect all current versions of Yosemite. It's safe to assume Apple knows all of this and it'll be fixed in the next update for OS X 10.10 Yosemite as well.
In the meantime, if you think you're at risk, and you're comfortable with kernel extensions, Essar has also posted an interim fix, called SUIDGuard on GitHub.
Apple fixed multiple privilege escalation bugs in OS X 10.10.4. Why this particular bug got more attention than those is likely due to how it was disclosed, its nature, and the easy headlines it made for re-bloggers.
Again, OS X El Capitan is not vulnerable. El Cap also adds new features like System Integrity Protection which brings iOS-style root-level defense to the Mac, and along with existing systems like Gatekeeper, Sandboxing, anti-malware, and the Mac App Store make it harder for exploits of all types to do damage even if and when they're encountered.
So, as always, stay informed but don't let any sensationalized headlines get to you.
We may earn a commission for purchases using our links. Learn more.
Apple VR leak suggests 2022 release date, key features
A new research note from Apple supply chain guru Ming-Chi Kuo indicates Apple's VR headset is coming next year, and will be highly integrated with products like Apple TV+ and Apple Arcade.
Apple to face trial over use of refurbished replacement devices
A class-action lawsuit against Apple is proceeding to trial over its use of refurbished devices and parts in repairs.
![[Update] Apple to discontinue iMac Pro once stock runs out](https://www.imore.com/sites/imore.com/files/styles/w200h150crop/public/field/image/2018/03/imac-pro-birds-eye.jpg)
[Update] Apple to discontinue iMac Pro once stock runs out
Apple has tweaked the iMac Pro listing on its website to state that it is for sale "While supplies last", with only one configuration available. Apple has now confirmed it will discontinue the iMac Pro once stock runs out.
These HomeKit cameras work with iOS14's Face Recognition and Activity Zones
iOS 14 brings some powerful new capabilities to HomeKit Secure Video-enabled cameras like Face Recognition and Activity Zones. Here's all of the cameras and doorbells that support the latest and greatest HomeKit features.