Italian Teenager Uncovers Two Zero-Day Vulnerabilities in OS X
PC World has reported that an Italian teenager has found two zero-day vulnerabilities in Apple’s Mac OS X operating system that could be used to gain remote access to a machine.
Interestingly, the findings went public within a few days of Apple patching a local privilege escalation flaw disclosed earlier by Stefan Esser, a German researcher from security audit firm SektionEins.
The Italian teenager, Luca Todesco, shared his findings on GitHub. The exploit uses two bugs to cause memory corruption in the OS X kernel, he told PC World in an email. This opens the door to an attacker using the memory corruption condition to circumvent kernel address space layout randomization (kASLR) and gain root access.
Unfortunately, the zero-day vulnerabilities affect all OS X versions from 10.9.5 to 10.10.5. Apparently, Apple is aware of the flaw, because it is fixed in the beta version of the next-generation OS X (10.11), El Capitan.
According to Todesco, he notified Apple “a few hours before he shared the exploit.” He has also developed a patch he calls NULLGuard, which can be downloaded from GitHub.