Two Unpatched Zero-day Flaws In Apple Mac OS X

Few days after Apple patched theDYLD_PRINT_TO_FILE privilege-escalation vulnerability in OS X Yosemite, hackers have their hands on another zero-day bug in its operating system that allows hackers to gain root privileges to Mac computers.Italian teenager Luca Todesco (@qwertyoruiop) has discovered two unknown zero-day vulnerabilities in Apple’s Mac OS X operating system that could potentially be exploited to gain remote access to a Mac computer.

The 18-year-old self-described hacker has also posted details of his finding with source code for an exploit on the Github repository, as well as software to mitigate the vulnerability.

OS X Zero-Day Exploit in the Wild

The hacker’s exploit makes use of two system flaws (which he dubbed ‘tpwn‘) in order to cause amemory corruption in OS X’s kernel.
Due to memory corruption, it’s possible to circumvent the space layout randomization of the kernel address, therefore bypassing the toughest level of security meant to keep out attackers away.
The attacker then gains a root shell access to the Mac computer, allowing them to:
  • Install malicious programs
  • Create users
  • Delete users
  • Trash the system
  • Many more…

 

…even without the Mac owner’s permission.
Todesco said he had reported the issue to Apple, but did not contact the company prior to the publication of the vulnerabilities.
Todesco faced criticism for contacting Apple only a few hours before publishing his findings online and not giving the company enough time to release a security fix.

Back to top button
Close