OS X 10.10.5 finally closes the DYLD_PRINT_TO_FILE exploit


A few days ago we told you how the DYLD_PRINT_TO_FILE vulnerability discovered by the company Malwarebytes was wreaking havoc on OS X systems; now we can say that the latest update, OS X 10.10.5, finally seems to have addressed the problem.

This exploit allowed a remote attacker to take control of the computer and install malware at will (see the case of the VSearch search engine, a well-known piece of adware). What made this attack especially dangerous is that it could write to the sudoers file through DYLD_PRINT_TO_FILE, changing the administrator permissions so that software could be installed without the password.
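A defender's check for the change described above, as an added example that is not from the original article: it scans sudoers text for rules that let `sudo` run without a password (`NOPASSWD:` tags and `!authenticate` defaults). The sample file, the user names and the function names are constructed for illustration.

```python
import re

# Constructed sample (not from a real host): a stock-looking sudoers file
# with passwordless rules of the kind described above appended to it.
SAMPLE_SUDOERS = """\
# sudoers file (constructed)
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
# bob   ALL=(ALL) NOPASSWD: ALL
alice   ALL=(ALL) NOPASSWD: \\
        ALL
Defaults:carol !authenticate
"""

# Settings that let sudo run without asking for a password.
PASSWORDLESS = re.compile(r"\bNOPASSWD\s*:|!\s*authenticate\b")
# '#' starts a comment unless it introduces a uid (#501) or #include/#includedir.
COMMENT = re.compile(r"#(?![0-9]|include).*")


def logical_rules(text):
    """Yield (line_number, rule): continuations joined, comments dropped."""
    buf, start = "", 0
    for num, raw in enumerate(text.splitlines(), 1):
        start = start or num
        line = COMMENT.sub("", raw).rstrip()
        if line.endswith("\\"):          # rule continues on the next line
            buf += line[:-1] + " "
            continue
        rule = " ".join((buf + line).split())
        if rule:
            yield start, rule
        buf, start = "", 0


def find_passwordless(text):
    """Return (line_number, subject, rule) for every passwordless grant."""
    return [(n, rule.split()[0], rule)
            for n, rule in logical_rules(text)
            if PASSWORDLESS.search(rule)]


if __name__ == "__main__":
    for n, who, rule in find_passwordless(SAMPLE_SUDOERS):
        print(f"line {n}: {who}: {rule}")
```

On a real system the text to scan would come from `/etc/sudoers` and any files under `/etc/sudoers.d`, read with administrator rights.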


In addition to the VSearch case, in which the installer was hidden in the system image waiting for the malicious script to be executed so that it could take advantage of the vulnerability and install in the background, we also have the cases of MacKeeper, Genieo or ZipCloud, which pretended to be a Safari update in order to leave this type of spyware installed behind the user's back.

The fix for this vulnerability has finally arrived in the final version, both as an update via the App Store and in the Combo Update. In the previous beta versions it still existed, as noted by Stefan Esser, a security researcher who in July alerted the Ars Technica website to the danger of this bug, which is considered a zero-day; that is, more or less, what you can read as "high risk".

Hopefully from now on Apple will pay more attention to such serious security flaws before launching new versions on the market. Although it is true that failures of this type are not well received, the company's response is always very fast, and it releases the corresponding patch or update to close them.

