Malwarebytes reports (archived) that a vulnerability in Apple's latest version of OS X which was reported to exist last month on Stefan Esser's blog (archived) is now appearing on malware in the wild. The flaw came into being through a new feature introduced into the OS X dynamic linker dyld. The new feature allows the linker to log error output to any file on the system without the safety or sanity checks implemented in even "hobbyist" developed Unix systems. Malwarebytes only noticed the flaw being actively exploited because a particular piece of adware had edited the sudoers file on a testing environment while examining the malware. The severity of the flaw though is such that when triggered it can edit any file on the affected machine including executable system files. Esser originally reported this flaw on July 7th, 2015 and Apple has yet to release a patch. On the other hand Esser has published a source code patch on his own which lessens this flaw though it is hard to determine how this patch will interact with possible future updates from Apple.