Researchers beginning to find more cracks in Mac operating systems.
Just days after Apple patched a local privilege escalation vulnerability in OS X that would grant attackers root access, they are working to patch another one.
Sunday, Italian researcher Luca Todesco published proof-of-concept code to GitHub for "Tpwn," a memory corruption bug in the kernel of OS X versions 10.9.5 (Mavericks) through 10.10.5 (Yosemite). It does not affect the forthcoming version, OS X El Capitan, which is now in beta.
As Todesco explained to MacWorld, "The memory corruption condition can then be used to circumvent kernel address space layout randomization (kASLR), a defensive technique designed to thwart exploit code from running. The attacker then gains a root shell."
Todesco created a kernel extension called NULLGuard to protect against tpwn, but later recommended users instead install SUIDGuard, a TrustedBSD kernel extension created by Mac security researcher Stefan Esser.
Todesco published the code for Tpwn just hours after he disclosed the vulnerability to Apple, for which he has received some public criticism.
there are a few reasons to drop a full kernel 0day PoC on github. apple's slowness is not one of them, fyi.
— Luca Todesco (@qwertyoruiop) August 16, 2015
Tpwn arrives just six days after Apple patched the DYLD_PRINT_TO_FILE vulnerability in OS X Yosemite discovered last month -- a bug in an environment variable that also enabled root access.
Other cracks were found in Mac OS X recently by Synack director of research Patrick Wardle. At Black Hat Las Vegas this month, Wardle revealed exploits he'd written that circumvents Gatekeeper, OS X's mechanism for preventing unsigned code from running.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024