Apple will patch serious security flaws in OS X ‘as soon as possible’

Tim Cook addresses the White House Summit on Cybersecurity and Consumer Protection. Photo: White House
Tim Cook talks cybersecurity earlier this year.

Apple plans to issue an update fixing two severe OS X Yosemite security flaws “as soon as possible,” according to a new report.

One bug is the recently discovered Thunderstrike 2, which allows attackers to overwrite a computer’s firmware in a way that is impossible to reverse unless users have the wherewithal to open up their Mac and manually reflash the chip.

The other is a “privilege escalation” bug known as DYLD that allows a program to run as though it has administrator access without prompting users to enter their passwords.

While Thunderstrike 2 needs Thunderbolt devices in order to spread the worm, DYLD has the potential to impact far more users. Apple partially patched Thunderstrike 2 recently.

According to the Guardian newspaper, “Apple has taken interim measures to prevent further exploitation of the vulnerability, including revoking the credentials of developers who use it, and including any app which does so on the company’s regularly updated list of malware.”

Even so, we recommend immediately installing any security updates Apple throws your way in the near future. And, needless to say, be smart enough not to fall for a phishing email or let any potential attackers have physical access to your Mac.
