OS X 10.10.5 to Fix Thunderstrike 2 and Zero-Day DYLD Vulnerabilities
Apple aims to patch the Thunderstrike 2 exploit in Mac OS X "as soon as possible," as the worm can only be fixed by re-flashing your firmware chip once it infects your computer.
This promise comes only days after the firmware worm was made public by a team of security researchers and shows how critical this concern is for the security of Apple's desktop and laptop computers. Reports claim that Thunderstrike 2 has already been partially patched in Mac OS X 10.10.4 update. This worm allows attackers to overwrite a computer's firmware using a malicious webpage and cannot be killed even by reinstalling OS X or reinstalling a new hard drive. This worm essentially turns your machine into an incurable state. While it has been partially patched in the last OS X update, its ability to spread from one computer to others remains unpatched.
More concerning that Thunderstrike 2 is, however, another security vulnerability that Apple is focusing to send the patch for. Next update to Apple's desktop operating system will reportedly bring the patch to a zero-day bug titled DYLD which is a serious privilege escalation bug. This vulnerability allows a program to run as an administrator bypassing the security measures including passwords, ending up installing crapware on your Macs. Initial beta of this update didn't include a fix for the issue, however, Mac OS X 10.10.5 will be bringing the patch, according to the Guardian.
While the company sends patches of both these vulnerabilities discovered in Mac OS X, “Apple has taken interim measures to prevent further exploitation of the vulnerability, including revoking the credentials of developers who use it, and including any app which does so on the company’s regularly updated list of malware," reports the Guardian. Apple has always used the security of its devices as a major marketing and selling point. Comparing the security with its competitors, the tech company has long highlighted the security features of OS X in its ad campaigns.
With two back to back vulnerabilities, Apple seems to be losing its lead in security as the Macs are facing some highly advanced hacking and exploiting techniques used by attackers. Currently in the public eye, Apple is expected to take swift action to patch these vulnerabilities and take the security of its Macs a notch higher.