The days of Mac users taunting Windows users with the claim, "Macs don't get viruses" is long past. As Macs became more popular, hackers went to work and started discovering security flaws similar to the ones in Windows.
Now a new flaw in the latest Mac operating system has come to light, and it's a doozy. Not only does it give a hacker full control of the computer, it's so simple it fits in a tweet.
In fact, here it is courtesy of a reddit user named Numinit and security researcher Stefan Esser.
echo 'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp; sudo -s # via reddit: numinit (shorter)
— Stefan Esser (@i0n1c) July 22, 2015
If a hacker or virus gets access to your computer, running this command will tell the user account that it doesn't need a password to make changes to the computer. Normally, any major setting change or action requires you to enter your password, which limits the damage a hacker or virus can do.
Thanks to this flaw, a virus on your system that wouldn't normally be a problem suddenly becomes a big threat. And letting someone else use your Mac in a limited "guest" account is no longer a guarantee of safety. Learn how to set up a safe account for other users in OS X.
The flaw is found in OS X 10.10 Yosemite, both the current version (10.10.4) and the next update (10.10.5). Whether or not Apple fixes it in 10.10.5 before it's released remains to be seen.
To check your version, click the Apple icon in the upper-left corner and choose "About this Mac." Look under "OS X" to find the version number.
If it only says "Build" followed by a five- to seven-character ID, then you're running OS X 10.9 or earlier. If you're curious about your exact version, check out this list on Apple's site.
Apple has fixed the flaw in the next version of OS X, which is 10.11 El Capitan. You may be required to upgrade to that version to be safe. We'll see what Apple decides to do.