A recently released operating system bug fix can protect businesses that use Apple iMacs against a potentially devastating vulnerability that could expose records, e-mail and financial data to theft by hacking.
On April 8, Apple released an updated version of the Mac operating system to address the flaw, which was identified in October 2014 and affects Macs running OS version 10.10.2 or older. The updated version — OS X 10.10.3 — is available through the Mac App Store. Companies that purchased their computers before October 2014 may have to upgrade to the latest Mac operating system before the fix can be applied.
This flaw has been identified just as businesses have started adopting bring-your-own-device (BYOD) strategies and are more frequently purchasing Apple computers. A recent Forrester survey found that 50% of businesses have Apple computers deployed within their enterprise.
What’s concerning here is that so many small businesses are using Apple computers and these small businesses have scarce information technology security budgets, but are increasingly targeted for identify theft and electronic fund transfers. This vulnerability can give attackers access to critical business records that enable those crimes.
The vulnerability is significant because it allows any program running on an affected system to elevate to the highest level of privilege on the system. In other words, any data or capability on an affected computer becomes exposed when the vulnerability has been exploited. All internal business documents, access to online banking, accounting software, messages and e-mails could be accessed by an attacker exploiting this vulnerability.
The vulnerability exists in all Macs purchased since 2011, but older Macs also could be vulnerable. The flaw resides in a rarely-used portion of the operating system and could enable a hacker to gain privileged access on the computer through the system’s administration framework. The Common Vulnerability and Exploit identifier for the software flaw is CVE-2015-1130.
The fix released by Apple is included as part of the Apple Security Update 2015-004, which is also part of the OS X Yosemite v. 10.10.3 update. To safeguard themselves, companies should update their computers to the latest operating system software using the App Store’s software update feature.
For businesses running newer Apple computers (purchased in late 2014), the update is relatively simple, requiring only a software update through the App Store. Users who purchased their computers prior to late 2014 face a more complicated process, although Mac OS 10.9 (Mavericks) is a free upgrade, as is 10.10 (Yosemite). However, those running 10.7 (Lion) must purchase the $20 update to 10.8 (Mavericks). Users can identify the current version of OS X running on a system by clicking on the Apple icon in the menu and selecting “About This Mac.”
Dave Hawkins a principal with Columbia-based Analecta LLC. He can be contacted at 240-593-2382 and firstname.lastname@example.org.