Rootpipe has been found to affect multiple versions of Mac OS X (including the latest Yosemite), by allowing hackers to gain the highest access lever, known as root control, of the devices without needing to know the password.
While, Wirelurker targets iOS devices which have not been jailbroken. The security flaw could be used to access personal information from a user’s iPhone by coercing a user into installing it on their Mac and waiting for the iPhone (or iPad) to be connected via USB.
The Swedish “white-hat” hacker, Emil Kvarnhammer (of Truesec, a security firm) discovered the Rootpipe flaw, which is known as a privilege escalation vulnerability. Root control forms part of the multi-tier security within modern operating systems and is usually cordoned off, ensuring that users don’t inadvertently authorise software that could be dangerous. However, Rootpipe allows an attacker to side-step the security protocol and gain root access without a password.
Kvarnhammer has made Apple aware of the vulnerability and is not releasing any further information, until the tech giant issues a patch to affected users, as additional information could be used to duplicate the attack.
Rather, Kvarnhammer has advised on the simplest way to protect a Mac; do not use an administrative account on a daily basis unless something needs admin rights, instead use a ‘user’ account. In addition, he recommends Apple’s FireVault, which is on by default in Mac OS X Yosemite.
Wirelurker, on the other hand, is an already present threat, embedded within certain Chinese pirated software, running this software could lead to a user unintentionally installing the malware. This remains on the infected system, waiting for a user to connect a mobile device via USB.
When Wirelurker access on iOS device it scrapes personal data and attempts to install malicious copies of apps, which is amplified on jailbroken deceives (those hacked to allow software installs without Apple’s permission).
Ryan Olson (Intelligence Director at Palo Alto Networks), who discovered the malware, said that,
“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware … The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”
Source: The Guardian