Share: twitterTweet facebookShare

Italian Teenager Uncovers Two Zero-Day Vulnerabilities in OS X

Share: twitterTweet facebookShare

PC World has reported that an Italian teenager has found two zero-day vulnerabilities in Apple’s Mac OS X operating system that could be used to gain remote access to a machine.

yosemite

Interestingly, the findings went public within a few days of Apple patching a local privilege escalation flaw disclosed earlier by Stefan Esser, a German researcher from security audit firm SektionEins.

Watch the Latest Apple Technology News Below

The Italian teenager, Luca Todesco, shared his findings on GitHub. The exploit uses two bugs to cause a memory corruption in the OS X kernel, he said to PC World in an email. This cracks open the door to a hacker using the memory corruption condition to circumvent kernel address-space randomization (kASLR) to gain root access.

Unfortunately, the zero-day vulnerabilities affect all OS X versions from 10.9.5 to 10.10.5. Apparently, Apple is aware if the flaw, because it is fixed in the beta version of the next-generation OS X (10.11), El Capitan.

According to Todesco, he notified Apple “a few hours before he shared the exploit.” He has also developed a patch he calls NULLGuard, which can be downloaded from GitHub.

Share: twitterTweet facebookShare