THE GENERAL CONSENSUS is that Apple computers tend to be safer than Windows PCs since they're more controlled, but that might not be the case.
A flaw in OS X, the software that runs on Mac computers, allows hackers to attack a computer and install software on it whenever they wish.
The flaw concerns a hidden document called Sudoers, which is a list of permissions each piece of software has on your computer. A change to how OS X Yosemite stores the list means malware can now be added to it, and if an attacker gains access, they can install junkware onto your computer.
Security software company Malwarebytes say the first known exploit happened yesterday after one of its researchers found his Sudoers file modified after discovering and testing a new adware installer.
Currently, no fix for the problem has been released by Apple. There is an extension from security researcher and software developer Esser, but as Ars Technica notes, installing a patch that doesn’t come from the official developer can be risky, and you should only install it once you have checked it out and know what you’re doing.
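A defender can spot the kind of Sudoers change described above by comparing the file with a known-good copy. The following is an added example, not code from the article or from Malwarebytes; the function names, the sample file contents and the choice to flag `NOPASSWD` entries are assumptions, since the article does not say what the modification looked like.

```python
import re

def rules(text):
    """Return the active sudoers entries: comments dropped, continuations joined."""
    joined = re.sub(r"\\\n", " ", text)            # backslash-newline continues a line
    out = []
    for line in joined.splitlines():
        line = line.strip()
        # '#include', '#includedir' and '#<uid>' are live syntax, not comments
        if line.startswith("#") and not re.match(r"#(include(dir)?\s|\d)", line):
            continue
        if line:
            out.append(" ".join(line.split()))     # normalise whitespace
    return out

def audit(current, baseline):
    """Compare current sudoers text with a known-good copy.

    Returns (severity, entry) tuples for every entry absent from the baseline.
    """
    known = set(rules(baseline))
    findings = []
    for entry in rules(current):
        if entry in known:
            continue
        if re.search(r"\bNOPASSWD\s*:", entry):
            sev = "high"        # grants root without a password prompt
        elif re.match(r"[#@]include", entry):
            sev = "high"        # pulls rules in from another file
        else:
            sev = "review"
        findings.append((sev, entry))
    return findings

# Constructed sample data (assumption: not taken from a real machine)
BASELINE = """# sudoers file.
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
"""
TAMPERED = BASELINE + "ALL ALL=(ALL) \\\n    NOPASSWD: ALL\nDefaults !tty_tickets\n"

if __name__ == "__main__":
    for sev, entry in audit(TAMPERED, BASELINE):
        print(f"[{sev}] {entry}")
```

Run it against a baseline captured while the machine was known to be clean; any entry it reports is one that was added afterwards.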
Thunderbolt 2
The other issue, recently patched by the latest update, involved a computer worm that can go deep inside Mac computers, and avoid detection by antivirus software.
The worm, which was designed by two security researchers, achieves this by installing itself into a Mac’s firmware – the software used to boot up a computer – which antivirus software doesn’t scan.
Once it’s there, it can spread between devices that are not networked by travelling through a Thunderbolt Ethernet adapter, writing itself into a Mac’s firmware and remaining undetected.
The worm, called Thunderstrike 2, can also avoid an entire system reboot, and was discovered by two security researchers, who informed Apple about the flaw.
The first Thunderstrike exploit required the hacker to have physical access to the computer, but this one bypasses this problem and can be delivered via a link. Both exploits were fixed by recent updates; the latest update to OS X (10.10.4) prevents this from happening.
One of the researchers who designed the worm, Xeno Kovah, told Wired that the nature of the attack meant that there would be only one real way for most people to get rid of it: replace the machine entirely.
[It's] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware… For most users that’s really a throw-your-machine-away kind of situation.