Less than a week after Apple released a set of security patches for OS X, two new vulnerabilities are being reported in its desktop operating system. An Italian teenager claims to have found two vulnerabilities, which if exploited, could give attackers remote access to the OS X computer.
Luca Todesco, an 18-year-old, has posted details on GitHub about the exploit he has created. The exploit utilises two bugs that cause a memory corruption in OS X's kernel and facilitates root access. This memory corruption can be used to bypass kernel address space layout randomisation, the mechanism which is responsible for preventing exploit codes from executing.
The vulnerability affects OS X Mavericks v10.9.5 to OS X Yosemite v10.10.5. OS El Capitan v10.11, which is currently in beta, isn't affected by the said vulnerabilities. Todesco says that he notified Apple a few hours before acknowledging the existence of vulnerabilities to public. "This is not due to me having issues with Apple's patch policies/time frames, as others have incorrectly reported," he told PC World.
While Todesco has released a patch called NULLGuard to resolve the vulnerabilities, we would suggest you to wait for the official patches from Apple to arrive before taking any step.
Apple last week along with the release of OS X Yosemite v10.10.5 - which brought stability and compatibility fixes - also released four security patches for OS X, Safari Web browser, and old generation iPhone models and old iPod models. One of the vulnerabilities that Apple patched last week was the infamous DYLD glitch, which if exploited, allowed an attacker to gain root access to the system.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.