Just a week after Apple patch several OS X vulnerabilities, a security researcher has already discovered two new exploits that could allow an attacker to remotely gain access to your Mac.
Italian developer Luca Todesco uncovered two new zero-day vulnerabilities that leave Macs susceptible to a combination of attacks that corrupt memory in the OS X kernel. The exploit currently works on OS X 10.9.5 all the way through the recently released OS X 10.10.5 update.
According to Todesco, the memory corruption can be used to circumvent kernel address space layout randomization, which acts as a defense technique for stopping exploit code from running. Once a machine gets corrupted, an attacker can gain access to a root shell.
Todesco published his findings on GitHub, along with a patch that fixes the bugs so would-be attackers can’t use it. It’s not an official fix, but for now it’s the best way to keep your Mac safe from the exploit.
Fortunately for Apple, the bug doesn’t appear to be available in OS X El Capitan, which is scheduled for release later this fall. We’ve reached out to Apple for comment on the new exploit to see if a fix is on the way, but are still waiting to hear back from them.
Buster Hein is a freelance writer who lives in Phoenix, Arizona. Twitter: @bst3r.
2 responses to “Newly discovered OS X bugs could get your Mac hijacked”
“Just a week after Apple patch several OS X vulnerabilities, a security researcher has already discovered two new exploits that could allow an attacker to remotely gain access to your Mac.”
PS – your website loads very jerky in iOS Safari on iPad 3, iOS. 8.3
Already fixed in 10.11 betas. I have no doubt it will be fixed soon.