[marquis]

Is there a test to determine if the patch is successful?

Edit: as noted in Esser's blog [1]: $ EDITOR=/usr/bin/true DYLD_PRINT_TO_FILE=/this_system_is_vulnerable crontab -e

I found this test failed in both a patched (10.10.4) and un-patched system (10.10.1) so not sure what these results mean.

[1] https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_fi...

[Corrado]

Did you check the root directory for a file named "this_system_is_vulnerable"? I just tested this on a mid-2015 MBP running 10.10.4 and found that file in the root directory. :(

[marquis]

Thanks for clarifying: I was able to find the vulnerability on the unpatched system with:

  $ ls -al /
  (etc)
  -rw-r--r--   1 root  wheel       0 Aug  6 06:46   this_system_is_vulnerable

So I can a) confirm the vulnerability exists and it can write with root privileges.

and b) the patch works: I ran the patch, deleted the test file, rebooted and the file is no longer able to be written.

[odonnellryan]

Before or after the patch?

[odonnellryan]

You ran the GitHub patch and it still failed?

[marquis]

The patch works. I now have 2 patched systems and I've instructed my team to run the patch immediately on every mac.