Just a couple of days ago, Apple released an update for its Mac OS X (version 10.10.5) to fix a security flaw, and it looks like a security researcher has discovered two new vulnerabilities.
The exploist were discovered by an Italian developer, Luca Todesco. The attacks will corrupt memory in the OS X kernel, allowing hackers to circumvent kernel address space layout randomisation (kASLR), a defensive technique designed to block exploits. After that, they will be able to gain access to a root shell.
this is on 10.10.4 but 10.10.5 should’t make a difference. pic.twitter.com/dFTiTcUm06
— Luca Todesco (@qwertyoruiop) August 15, 2015
According to Todesco, who posted the details of the exploit on GitHub, it will work on OS X versions 10.9.5 all the way to the newly released OS X 10.10.5. If you’re worried, Todesco also posted a patch that fixes the bug on GitHub. It’s not official, but at least it can help keep your machine safe from the exploit. Fortunately though, the bug isn’t present in the latest OS X El Capitan, which should be released to the public in the near future, so if you’re using the public beta version of El Capitan, you should be safe.
(Source: Cult of Mac)
