Apple OS X hit by new zero-day

By

Proof of concept released without notifying Apple.

Details of a new local privilege escalation bug in Apple's OS X 10.10.x operating system have been published online, just days after a separate vulnerability in the OS was patched by the company.

Apple OS X hit by new zero-day

Italian student Luca Todesco posted details of the "tpwn" vulnerability with source code for an exploit on the Github repository, and said he did not contact Apple prior to the publication of the vulnerability.

Todesco's exploit uses multiple attacks, one of which targets Apple's IOKit hardware device driver platform. It could be used by attackers to gain full, system-wide root access to victims' machines, in order to control them or to plant malware.

The DYLD privilege escalation vulnerability discovered last month by researcher Stefan Esser - who also published details of the flaw without first notifying Apple - was quickly exploited by attackers seeking to plant adware and junkware on users' Macs.

Apple patched Esser's vulnerability with the OS X 10.10.5 update released last week. The update also included a large amount of security patches for other vulnerabilities, such as several flaws in the Bluetooth protocol and a number of OS X core system components.

OS X 10.10.5 remains vulnerable to the new flaw discovered by Todesco, who said the vulnerability is patched in the lastest "El Capitan" 10.11 version of the operating system.

Todesco also released an unofficial fix, NULLGUARD, which renders his own tpwn and similar bugs unexploitable by preventing the execution of binary files lacking __PAGEZERO segments for NULL pointer de-references.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?