Categories: SecurityWorkspace

Mac Hit By Second Zero-Day Flaw In As Many Months

Apple’s Mac OS X has been hit by another unpatched ‘vertical privilege escalation’ security bug similar to the DYLD_PRINT_TO_FILE bug made public in July, and exploited by adware discovered earlier this month.

The latest bug was published by a developer describing himself on Twitter as an 18-year-old Italian named Luca Todesco, who released proof-of-concept code allowing an unprivileged user to gain root access to a system.

The bug affects every version of Mac OS X 10.10 Yosemite, including the most recent release, but is mitigated with the upcoming OS X 10.11 El Capitan release, according to researchers. Todesco said he notified Apple of the issue but acknowledged that a fix isn’t yet available for Mac OS X 10.10.

The release comes shortly after Apple’s latest update to Yosemite, which patches the DYLD_PRINT_TO_FILE flaw.

That bug was published by researcher Stefan Esser, who initially criticised Apple for failing to provide a patch for current versions of Mac OS X, only fixing it in Yosemite, now in public testing.

Like Esser, Todesco was criticised by some security experts for releasing the proof-of-concept before a patch was available.

However, Todesco said he hadn’t intended the release as a broadside against Apple, and said on Twitter that the reaction against him was “out of proportion” to the importance of the flaw, which he compared to the jailbreak exploits used to gain control of iPhones.

Such exploits can be used by an application with low-level privileges to gain control of a system with top-level root access.

Malicious software

In the case of Todesco’s tpwn exploit, an attack would require physical access to a system, but it could also be exploited if a user were tricked into installing malicious software. Todesco’s proof-of-concept exploits two issues via IOKitLib, an interface for accessing physical devices attached to a system.

Todesco recommended users install Esser’s SUIDGuard to protect against unpatched privilege-escalation flaws. In general, security experts say users can mitigate such risks by only installing applications from trusted sources.

Security researcher Emil Kvarnhammar of Sweden’s Truesec publicised a privilege-escalation bug called rootpipe in Mac OS X Yosemite last year, but withheld details of the flaw until a patch was available.

Apple didn’t immediately respond to a request for comment. The company typically doesn’t comment on security-related issues.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

22 mins ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

16 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

18 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

19 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

20 hours ago