Italian Teenager Uncovers 2 Zero Day Vulnerabilities in Apple OS X

Share on Facebook Tweet Snapchat Share Reddit Comment
Italian Teenager Uncovers 2 Zero Day Vulnerabilities in Apple OS X

Less than a week after Apple released a set of security patches for OS X, two new vulnerabilities are being reported in its desktop operating system. An Italian teenager claims to have found two vulnerabilities, which if exploited, could give attackers remote access to the OS X computer.

Luca Todesco, an 18-year-old, has posted details on GitHub about the exploit he has created. The exploit utilises two bugs that cause a memory corruption in OS X's kernel and facilitates root access. This memory corruption can be used to bypass kernel address space layout randomisation, the mechanism which is responsible for preventing exploit codes from executing.

The vulnerability affects OS X Mavericks v10.9.5 to OS X Yosemite v10.10.5. OS El Capitan v10.11, which is currently in beta, isn't affected by the said vulnerabilities. Todesco says that he notified Apple a few hours before acknowledging the existence of vulnerabilities to public. "This is not due to me having issues with Apple's patch policies/time frames, as others have incorrectly reported," he told PC World.

While Todesco has released a patch called NULLGuard to resolve the vulnerabilities, we would suggest you to wait for the official patches from Apple to arrive before taking any step.

Apple last week along with the release of OS X Yosemite v10.10.5 - which brought stability and compatibility fixes - also released four security patches for OS X, Safari Web browser, and old generation iPhone models and old iPod models. One of the vulnerabilities that Apple patched last week was the infamous DYLD glitch, which if exploited, allowed an attacker to gain root access to the system.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Xiaomi Says Sold 800,000 Redmi Note 2 Handsets in 12 Hours
MakeMyTrip Launches Train-Booking App With Support for 5 Indian Languages

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com