A vulnerability in OS X Yosemite that went public last month is being used by cyber criminals to plant adware on Macs, a security researcher said today.

“As far as we’ve been able to determine, it just installs adware and junkware,” said Thomas Reed, director of Mac offerings at Malwarebytes, a San Jose, Calif. security firm. “It’s annoying, but not malicious.”

That’s not to say the vulnerability isn’t serious: The same group, or others, could easily leverage the vulnerability to infect Macs with more substantial attack code, Reed said.

The vulnerability — which is Yosemite-specific — was publicly disclosed last month by German researcher Stefan Esser, who also posted exploit code. According to a Korean researcher who goes by the nickname “beist” on Twitter, the bug had been reported to Apple before Esser revealed the flaw.

Read the Full Article: Source – CSO Online
Nrowsing Privacy: (CSO Online) – Crooks exploit public bug to plant adware on Yosemite Macs

source not found