Users of Apple's Mac computers are being advised to initiate the upgrades of the latest release of the OS X operating system, namely OS X Yosemite 10.10.3, as soon as possible because the update will fix a recently discovered but very serious security issue.
The security issue involves a hidden API, or application program interface, that allows hackers to gain backdoor access to a Mac's system-level account.
The discovery is surprising since the OS X operating system of Apple has largely been considered more secure compared to the Windows operating system of Microsoft.
However, while the OS X has adopted POSIX-compliant permissions, along with other security systems inspired by Unix, to increase the operating system's security, it is still prone to cyber attacks as pointed out by Emil Kvarnhammar, a security researcher.
Kvarnhammar was the one who discovered the issue and informed Apple about it. The previously unknown backdoor API allows hackers to remove the limitations of a restricted account to acquire system-level access.
Kvarnhammar detailed the issue through a post on the TrueSec blog, where he suggested that the backdoor API was initially intended to access System Preferences and related system setup utility tools for making changes to a Mac's system when launched from a normal user account without such privileges.
However, the API was not locked down, resulting in the possibility of processes exploiting the API to acquire system-level privileges to a target system, including malware and viruses.
According to the security researcher, the issue has been included in the OS X since at least 2011 before he discovered it and informed Apple about the security flaw in October of last year. Apple then started working on a fix to the security flaw for OS X Yosemite 10.10.2, but that was not able to solve the problem.
The fix to the security issue will now be implemented with the latest update to OS X Yosemite 10.10.3, which makes the upgrade a critical one for users who wish to be protected from the revealed flaw.
OS X 10.9.x and older, including the Lion, Mountain Lion and Mavericks operating systems for the Mac, will not be receiving patches to fix the issue, reportedly because of the complexity of the patch that will be difficult to implement in older versions of OS X.