Apple has released an update for OS X Yosemite to fix an issue that could allow hackers to infiltrate Mac computers.
Mac OS X 10.10.5, which Apple released on Aug. 13, addresses several bugs and technical glitches in the operating system, including the serious problem known as DYLD.
DYLD is a vulnerability in OS X Yosemite that would allow hackers to run programs on a Mac remotely with administrator rights, opening up wide access to the whole operating system. The exploit has already been previously used by hackers, with at least one installer of adware already taking advantage of the issue.
While Apple's OS X has long been viewed by consumers as generally more secure compared to Microsoft's Windows, Apple still has to release patches and fixes regularly. Compared to Microsoft though, Apple has at times been slow in releasing patches for individual issues. Microsoft has Patch Tuesday every month, when it releases a series of fixes.
The latest update to OS X 10.10.5 resolves over 100 bugs that affect different components of the operating system, including QuickTime, Bluetooth, Notification Center and the Mac OS X kernel. According to the details that Apple released for the update, the fixed vulnerability was possible because of an issue in path validation in DYLD, with the problem being patched through improvements in environment sanitization.
The DYLD exploit was first reported by Stefan Esser, a security researcher. In a tweet sent out late Aug. 13, however, Esser said that while Apple's OS X 10.10.5 addressed some issues, it made another security problem even worse. What problem Esser is referring to was not revealed.
Esser, however, recommended that Mac users should not uninstall the SUIDGuard kernel extension that he developed. The extension is a safeguard against kinds of attacks that exploit the DYLD issue.
Users with OS X 10.10 until OS X 10.10.4 installed on their Mac computers can download and install the critical update.
A similar issue was solved with Apple's release of OS X Yosemite 10.10.3, which patched several problems including a serious security issue that involves a hidden API. The API would allow hackers to gain backdoor access to a system-level account of a Mac computer.