Newly discovered OS X bugs could get your Mac hijacked



Just a week after Apple patched several OS X vulnerabilities, a security researcher has already discovered two new exploits that could allow an attacker to remotely gain access to your Mac.

Italian developer Luca Todesco uncovered two new zero-day vulnerabilities that leave Macs susceptible to a combination of attacks that corrupt memory in the OS X kernel. The exploit currently works on OS X 10.9.5 all the way through the recently released OS X 10.10.5 update.

According to Todesco, the memory corruption can be used to circumvent kernel address space layout randomization (kASLR), a defense technique intended to stop exploit code from running. Once kernel memory has been corrupted, an attacker can gain access to a root shell.

Todesco published his findings on GitHub, along with a patch that fixes the bugs so would-be attackers can’t use them. It’s not an official fix, but for now it’s the best way to keep your Mac safe from the exploit.

Fortunately for Apple, the bug doesn’t appear to be present in OS X El Capitan, which is scheduled for release later this fall. We’ve reached out to Apple for comment on the new exploit to see if a fix is on the way, but are still waiting to hear back.

