
OS X Zero-Day Flaw Found by Italian Teen

Liviu ARSENE

August 17, 2015


A new zero-day vulnerability enabling remote access to computers running Apple’s OS X operating system has been revealed by 18-year-old Italian security researcher Luca Todesco.

The exploit, published on GitHub, relies on two bugs to cause memory corruption in the kernel, enabling the researcher to bypass Apple’s OS X kASLR (kernel address space layout randomization). Although kASLR is designed to prevent this type of exploit code from running, Todesco did manage to gain a root shell.

Last week, Apple patched a vulnerability related to privilege escalation that was not connected with this one. Todesco did notify Apple hours before publishing the vulnerability, but also developed his own patch, named NULLGuard, which is also on GitHub.

“This is not due to me having issues with Apple’s patch policies/time frames, as others have incorrectly reported,” said the researcher.

The new zero-day vulnerability affects OS X versions 10.9.5 through 10.10.5; the OS X 10.11 beta appears to be unaffected.

With no official response from Apple yet, users who can upgrade to El Capitan are encouraged to do so to avoid remaining vulnerable.
