A teenager from Italy found two zero-day vulnerabilities in the operating system OS X 10.10.5, which can be used to gain remote access to the computer, Securitylab reports. Information about the exploit he has published on GitHub.
18-year-old Luke Todesco told about a security hole in Mac computers. According to the teenager, the exploit uses two vulnerabilities to the integrity of the information in kernel memory OS X, which allows to apply the technology of ASLR. Code of the exploit works in versions of OS X 10.9.5 – 10.10.5. In the beta version of OS X 10.11 El Captain the vulnerability is eliminated.
Todesco noted that Apple was informed about the problem for a few hours before the publication of the exploit. In addition, the teenager has developed a patch titled NULLGuard, the details of which are also provided on GitHub. However, not having a Mac developer certificate, distribute the patch Todesco. Apple representatives the situation has not yet commented on.
The release of OS X Yosemite 10.10.5 took place simultaneously with iOS 8.4.1 August 13. According to the description of the update it does not bring new features, but “improves the stability, compatibility and security of your Mac”.
In addition, OS X Yosemite 10.10.5 closed the vulnerability, discovered by computer security specialist Stefan Esser. He found that the new environment variable DYLD_PRINT_TO_FILE in the dynamic link editor dyld allows you to access and modify any system files without entering the administrator password, and use that hole attackers.