Jump to content

Apple still hasn't patched zero-day in OS X Yosemite and Mavericks

sincity

By sincity
in Technology

 Share

Recommended Posts

sincity Rookie

sincity

Posted
Posted
Apple still hasn't patched zero-day in OS X Yosemite and Mavericks

Apple has yet to patch up a zero-day vulnerability in Mac OS X Yosemite and Mavericks discovered by a teenager last week.

Threat Post reports that the kernel-level flaw uncovered by Luca Todesco, an 18-year-old security researcher, remains active in both versions of OS X but it has reportedly been addressed in OS X El Capitan Beta.

The exploit discovered by Todesco, known as tpwn, fuses together two vulnerabilities that affect the memory processes in OS X 10.9.5 through 10.10.5 at kernel level that get past existing mitigations.

Once a hacker gains access to a machine that is vulnerable they have root-level access, although a successful attack only occurs when a user executes a malicious application or file downloaded from the internet.

Patch possibly coming soon

There is one way to mitigate the threat, according to a Github post by Todesco, which is to run the SUIDGuard tool developed by Stefan Esser that ultimately makes it difficult for attackers to run kernel-level exploits.

It's widely reported that Apple is working on a solution to fix the OS X exploit in the form of a patch that is currently being tested. It's unlikely that it will be a problem in OS X El Capitan when it arrives at some point in the coming months.




rc.img

rc.img

rc.img

a2.imga2t.imgmf.gifBrb_lW29BbY
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept