sincity Posted August 19, 2015 Share Posted August 19, 2015 Apple has yet to patch up a zero-day vulnerability in Mac OS X Yosemite and Mavericks discovered by a teenager last week. Threat Post reports that the kernel-level flaw uncovered by Luca Todesco, an 18-year-old security researcher, remains active in both versions of OS X but it has reportedly been addressed in OS X El Capitan Beta. The exploit discovered by Todesco, known as tpwn, fuses together two vulnerabilities that affect the memory processes in OS X 10.9.5 through 10.10.5 at kernel level that get past existing mitigations. Once a hacker gains access to a machine that is vulnerable they have root-level access, although a successful attack only occurs when a user executes a malicious application or file downloaded from the internet. Patch possibly coming soon There is one way to mitigate the threat, according to a Github post by Todesco, which is to run the SUIDGuard tool developed by Stefan Esser that ultimately makes it difficult for attackers to run kernel-level exploits. It's widely reported that Apple is working on a solution to fix the OS X exploit in the form of a patch that is currently being tested. It's unlikely that it will be a problem in OS X El Capitan when it arrives at some point in the coming months. OS Showdown: OS X 10.11 El Capitan vs Windows 10 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.