German researcher Stefan Esser from security audit firm SektionEins has disclosed a privilege escalation vulnerability in Mac OS X that’s yet to be fixed in the latest release of the operating system, according to ZDNet (http://tinyurl.com/pa6n8h8).
He says the security flaw affects OS X 10.10.x and relates to new features added by the iPad and iPhone maker in the newest evolutions of the OS, Yosemite and El Capitan. The new features exploitable by the vulnerability are based upon the dynamic linker dyld and environment variable DYLD_PRINT_TO_FILE, which enables error logging to an arbitrary file.
Esser says it’s “unclear” whether Apple knows about the security flaw or not, as it has already been patched in the first beta versions of OS X El Capitan 10.11, but not in the current release of OS X 10.10.4 or in the current beta of OS X 10.10.5, which has been released to public beta testers.