The Mac has always been advertised as a platform that is relatively safe from malware. This was due to a combination of a lower number of users, less attention from security researchers and, most importantly, fewer security holes in Mac OS than in Windows. Apple always emphasized its security in the Mac vs PC ad campaign, claiming that Macs don’t get viruses.
However, OS X also has some serious vulnerabilities. One of them, for example, is a weakness that allows a malicious program to gain access to a Mac and run as though it were the administrator of the system. Such a flaw is known as “privilege escalation”. By running with admin rights, the program can bypass many of Apple’s security features that limit the ability of downloaded code to affect the deeper functions of the OS.
Security experts criticized Apple for having already patched the flaw in the beta versions of its next Mac OS, El Capitan, while still not having fixed it in the current version of Mac OS, Yosemite. Today this bug has been seen in the wild for the first time: security researchers discovered a new adware installer doing the rounds that uses the bug to embed the adware into the OS and install it without requiring the user’s password.
In the meantime, another exploit will soon be revealed to researchers at the Black Hat security conference. It is known that this exploit uses a bundle of 6 weaknesses in the firmware, which controls the lowest-level functions like fans, power supply units and USB ports. It can allow an attacker to overwrite that firmware with their own code, and 5 of those 6 weaknesses are present on Macs as well as PCs. Since learning about the flaw, Apple has patched two of them, but three still remain unpatched.
In addition, the security researchers managed to write a proof-of-concept attack that uses the bug to create a “worm”, a virus able to spread from Mac to Mac directly. A Mac can be infected through a deliberately sent email and then automatically attempt to infect other hardware connected to it. The worm is dubbed “Thunderstrike 2” and looks similar to a previous proof-of-concept attack known as BadUSB, which allowed attackers to reprogram USB devices in order to attack hardware. However, even that attack hadn’t been turned into a worm, which limited the potential damage.