OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

DYLD_PRINT_TO_FILE exploit found in the wild

Published August 4th, 2015 at 9:47 AM EDT , modified August 4th, 2015 at 9:47 AM EDT

Adam Thomas, a researcher at Malwarebytes, discovered a new adware installer yesterday that is using the DYLD_PRINT_TO_FILE exploit, discovered last month, to install itself with root privileges.

The full story can be found on Malwarebytes Unpacked.

9 Comments

  • Patrick Mele says:

    Installing itself is a scary thought to my Macs Safety, Thanks again Thomas and “congrads” to you in your new position @Malwarebytes Unpacked, although I favor a red Apple to the new Blue-Logo!!

  • Tim says:

    When I click on Malwarebytes Unpacked I get a pop up that Safari cannot verify that site! Started on Aug 9.

  • Nigel says:

    Hi, Thomas. Are you going to continue posting links here to Mac-related articles on the Malware Bytes site? It makes it easier to find the relevant items! Many thanks for your excellent work, hope you’re enjoying the new job!

  • Thanh Gannoe says:

    New OS X vulnerability being exploited in the wild. It s only really fixed in El Capitan as a side effect of Apple introducing the new and widely reported rootless security feature which introduces fine grained file permissions.

    • Thomas says:

      Actually, the DYLD_PRINT_TO_FILE vulnerability was fixed in the latest Yosemite update (10.10.5). The fix has nothing to do with El Capitan’s “rootless” feature.

  • Roberto says:

    Hi Thomas. my name is Roberto. i have 2 question. i receive a email from you in April or may with 2 links wish is http://www.thesafemac.com and http://www.adwaremedic.com. i want ask you wish one is going to help me to clean my Macbook Pro 2012 is look like i have a virus and is working very slow and also is flossing every time. please can you help me. thank you Thomas

This post is more than 90 days old and has been locked. No further comments are allowed.