Apple plans to issue an update fixing two severe OS X Yosemite security flaws “as soon as possible,” according to a new report.
One bug is the recently discovered Thunderstrike 2, which allows attackers to overwrite a computer’s firmware in a way that is impossible to reverse unless users have the wherewithal to open up their Mac and manually reflash the chip.
The other is a “privilege escalation” bug known as DYLD that allows a program to run as though it has administrator access without prompting users to enter their passwords.
While Thunderstrike 2 requires users to have Thunderbolt devices, which are required to spread the worm, DYLD has the potential to impact far more users. Apple partially patched Thunderstrike 2 recently.
According to the Guardian newspaper, “Apple has taken interim measures to prevent further exploitation of the vulnerability, including revoking the credentials of developers who use it, and including any app which does so on the company’s regularly updated list of malware.”
Even so, we recommend immediately installing any security updates Apple throws your way in the near future. And, needless to say, be smart enough not to fall for a phishing email or let any potential attackers have physical access to your Mac.