When we talk about hackers, we are usually referring to security experts who work for good, that is, who work to make systems more secure and harder to penetrate. That is basically the opposite of a cracker, who uses that knowledge to harm users, steal information and so on.
Yesterday, Stefan Esser, a famous figure in the iOS jailbreak world better known as @i0n1c, took an action that placed him in a murky space between a hacker and a cracker. Disgusted with Apple, Esser published full details of a security vulnerability in OS X, stating "I don't like working for free".
The flaw is critical, but not of the most serious kind. It is a “local exploit”, the type normally used by malware developers to gain more read/write privileges within an operating system without having to ask the user to enter their administrator password. That makes it less worrying than, for example, a remote exploit.
Esser stated that both the current OS X Yosemite 10.10.4 and the first beta version of 10.10.5 are affected by the flaw, but interestingly the betas of OS X El Capitan 10.11 are not. On the one hand, this is good; on the other hand, it shows that Apple is already aware of the problem but has not bothered to fix it in the versions of its operating system most widely used today.
Perhaps trying to “remedy” the situation a little, Esser published a kernel extension (SUIDGuard) on GitHub that applies a fix for the flaw he identified. Still, the hope is that Apple takes official action soon.
(via The Mac Security Blog)