DYLD_PRINT_TO_FILE exploit: What you need to know

"Privilege escalation" means that if someone already has malicious code in your Mac, they can use something like DYLD_PRINT_TO_FILE to gain deeper access to the system. To make a bad analogy, if they've already broken into your house, they can break into the locked drawer in your desk as well. Stefen Esser:

With the release of OS X 10.10 Apple added some new features to the dynamic linker dyld. One of these features is the new environment variable DYLD_PRINT_TO_FILE that enables error logging to an arbitrary file. [...] The problem with this code is that it does not come with any safeguards that are required when adding new environment variables to the dynamic linker.

Esser goes on to say that the vulnerability does not affect OS X 10.11 El Capitan, but does affect all current versions of Yosemite. It's safe to assume Apple knows all of this and it'll be fixed in the next update for OS X 10.10 Yosemite as well.

In the meantime, if you think you're at risk, and you're comfortable with kernel extensions, Essar has also posted an interim fix, called SUIDGuard on GitHub.

Apple fixed multiple privilege escalation bugs in OS X 10.10.4 (opens in new tab). Why this particular bug got more attention than those is likely due to how it was disclosed, its nature, and the easy headlines it made for re-bloggers.

Again, OS X El Capitan is not vulnerable. El Cap also adds new features like System Integrity Protection which brings iOS-style root-level defense to the Mac, and along with existing systems like Gatekeeper, Sandboxing, anti-malware, and the Mac App Store make it harder for exploits of all types to do damage even if and when they're encountered.

So, as always, stay informed but don't let any sensationalized headlines get to you.

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

7 Comments
  • +1 for me running the ElCap Public Beta. :)
  • Oh man, I would love to see more pics of that setup love the monitor mounts :)
  • Hey cctpitts01,I think you may be commenting on some other post. This is about a security vulnerability.
  • Nope. He's commenting about this article, specifically the image...
  • How does the malicious code get on the computer in the first place? More specifically is there a list of known Trojans (or whatever is the source)? Sent from the iMore App
  • It doesn't.
  • I just reinstalled Yosemite after returning from El Cap PB1,
    Installed trusted apps across the board, no fear here.