Jump to content

Apple still hasn't patched zero-day in OS X Yosemite and Mavericks


Recommended Posts

Apple still hasn't patched zero-day in OS X Yosemite and Mavericks

Apple has yet to patch up a zero-day vulnerability in Mac OS X Yosemite and Mavericks discovered by a teenager last week.

Threat Post reports that the kernel-level flaw uncovered by Luca Todesco, an 18-year-old security researcher, remains active in both versions of OS X but it has reportedly been addressed in OS X El Capitan Beta.

The exploit discovered by Todesco, known as tpwn, fuses together two vulnerabilities that affect the memory processes in OS X 10.9.5 through 10.10.5 at kernel level that get past existing mitigations.

Once a hacker gains access to a machine that is vulnerable they have root-level access, although a successful attack only occurs when a user executes a malicious application or file downloaded from the internet.

Patch possibly coming soon

There is one way to mitigate the threat, according to a Github post by Todesco, which is to run the SUIDGuard tool developed by Stefan Esser that ultimately makes it difficult for attackers to run kernel-level exploits.

It's widely reported that Apple is working on a solution to fix the OS X exploit in the form of a patch that is currently being tested. It's unlikely that it will be a problem in OS X El Capitan when it arrives at some point in the coming months.




Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

By using this site, you agree to our Terms of Use.