Hackers are exploiting a critical vulnerability in Apple’s OS X operating system to install malware on MacBooks.
Malwarebytes Apple security expert Thomas Reed reported uncovering the attacks in a threat advisory.
The vulnerability was uncovered by security researcher Stefan Esser at the end of July. It relates to the way Apple OS X version 10.10 logs software errors and can be used by hackers to forcibly install software on MacBooks.
Reed said the current attacks targeting the flaw install a variety of malicious programs. These include the VSearch and Genio adware and the MacKeeper junkware.
Adware is software used to push advertisements to users. VSearch and Genio are aggressive forms of adware that push adverts to the user via a series of pop-up web browser windows.
VSearch and Genio are listed by most security tools as either potentially unwanted programs or outright malware as they regularly ignore the user’s privacy settings and have spread malicious adverts in the past.
Junkware is useless software that doesn’t directly damage a computer, but doesn’t offer any clear benefits to its user.
MacKeeper is listed by its maker as Mac OS X performance-enhancing software. Mac OS X users began referring to it as junkware after Apple forum users suggested that its services didn’t actually work.
Malwarebytes’ Reed said the attacks are troubling as there is currently no fix for the vulnerability being targeted.
“This is obviously very bad news. Apple has evidently known about this issue for a while now — not due to Esser, but thanks to a responsible researcher going by the Twitter handle @beist, who had alerted Apple some time before Esser discovered the bug,” he said.
“Unfortunately, Apple has not yet fixed this problem, and now it is beginning to bear fruit. Worse, there is no good way to protect yourself.”
Business Insider has reached out to Apple for comment on when Mac OS X users can expect a fix.
One of two problems
The Mac OS X attacks come just after researchers claimed to have developed a “Thunderstrike 2” malware capable of infecting MacBooks.
Researchers Trammell Hudson and Xeno Kovah reported developing the malware at the Black Hat tradeshow in Las Vegas.
Thunderstrike is proof-of-concept malware intended for research purposes and is not active in the wild. It can reportedly infect MacBook computers using infected MacBook peripherals.
Business Insider reached out to Apple for comment on the Thunderstrike 2 malware.