Two Zero-Day Vulnerabilities Discovered in Apple’s OS X

Two zero-day vulnerabilities have been uncovered by an Italian teenager in Apple’s OS X operating system, potentially granting an attacker to gain remote access to an Apple computer.

An 18-year old Italian teenager has uncovered two significant bugs in Apple’s OS X that can be wielded to corrupt the OS X’s memory in the kernel. The discovery comes merely days after Apple recently patched a local privilege escalation vulnerability that gave the means for attackers to install malicious programs onto computers, reports MacRumors.

Quite simply, Mac users running OS X Yosemite are vulnerable to malware that could let an attacker gain complete remote access to their computers.

Related Article: Apple Fixes Safari Bugs with New Patch

Root shell access is granted to an attacker once the memory is rendered corrupt, giving the attacker the means to dodge the kernel address space layout randomization (kASLR), a defensive method used by the OS to protect an external operator from gaining the root shell.

Stay vigilant, Apple users.

The vulnerability affects all versions of OS X Yosemite from version 10.9.5 to 10.10.5, the latest build of the operating system.

Significantly, OS X 10.11, also known as OS X El Captain (currently in pubic beta) is not affected.

Luca Todesco, 18, also developed an exploit for the vulnerability which he duly uploaded to GitHub, making the exploit code public to everyone. He did, however, report the bug to Apple a few hours prior to publishing the code on GithHub, according to multiple tweets posted on his twitter account.

“I was planning on publishing it in an abstract blog post. I informed Apple, just because, you know, Apple could have simply not noticed my post,” he told The Register. “I only published tpwn (the exploit code) because I had to, or else I would have kept it unreported until 10.11. The bad guys already have [local privilege escalation bugs].”

Furthermore, Todesco also developed an extension for the kernel called NULLguard, programmed to stop applications from using the zero page, essentially blocking any programs from exploiting the vulnerability. However, he now recommends users to install SUIDGuard, developed by Stefan Esser instead.

While Apple works on a patch, users are advised to run and install trusted and signed applications alone – preferably from the Mac App Store and trusted developers, to try and ensure that nobody gains remote access to their machines.

Image credit: PixaBay