Researcher releases exploit for OS X 0-day that gives root access
Italian security researcher Luca Todesco has published PoC exploit code for a newly discovered zero-day privilege escalation flaw affecting OS X Yosemite (v10.10) and Mavericks (v10.9).
Symantec experts have analysed the exploit and say it works as described.
“The exploit uses two different vulnerabilities to create a memory corruption in the OS X kernel. This is then used to bypass security features that block exploit code from running, providing the attacker with root access,” they explained.
“While the vulnerabilities require the victim to voluntarily run an application in order for an attack to be successful, they represent a threat until a patch is published by Apple.”
According to Todesco, one of the vulnerabilities has been patched in OS X El Capitan (v10.11, still in beta), so the exploit won’t work on a machine running it.
He notified Apple of the existence of these flaws a few hours before releasing the exploit, but didn’t explain why he released it without giving Apple a chance to plug the hole first. He simply says he “had reasons.”
According to Engadget, Todesco and Apple are in contact, and Apple is hopefully working on a fix that will be pushed out soon, as we can be sure that malicious actors are doing their best to find a way to use the exploit.
In the meantime, users can protect themselves against it by downloading and running only applications they trust, by updating to OS X El Capitan, or by installing SUIDGuard, Stefan Esser’s kernel extension that, among other things, stops NULL page exploits like Todesco’s.