Less than a week after Apple released a set of security patches for OS X, two new vulnerabilities are being reported in its desktop operating system. An Italian teenager claims to have found two vulnerabilities, which if exploited, could give attackers remote access to the OS X computer.
Luca Todesco, an 18-year-old, has posted details on GitHub about the exploit he has created. The exploit utilises two bugs that cause a memory corruption in OS X’s kernel and facilitates root access. This memory corruption can be used to bypass kernel address space layout randomisation, the mechanism which is responsible for preventing exploit codes from executing.
The vulnerability affects OS X Mavericks v10.9.5 to OS X Yosemite v10.10.5. OS El Capitan v10.11, which is currently in beta, isn’t affected by the said vulnerabilities. Todesco says that he notified Apple a few hours before acknowledging the existence of vulnerabilities to public. “This is not due to me having issues with Apple’s patch policies/time frames, as others have incorrectly reported,” he told PC World.
While Todesco has released a patch called NULLGuard to resolve the vulnerabilities, we would suggest you to wait for the official patches from Apple to arrive before taking any step.
Apple last week along with the release of OS X Yosemite v10.10.5 – which brought stability and compatibility fixes – also released four security patches for OS X, Safari Web browser, and old generation iPhone models and old iPod models. One of the vulnerabilities that Apple patched last week was the infamous DYLD glitch, which if exploited, allowed an attacker to gain root access to the system.