Apple has two more vulnerabilities to fix in OS X 10.10 Yosemite

Two zero-day vulnerabilities in Apple’s OS X, that have been discovered  by an Italian teenager, could potentially be used to gain remote access to a computer.

Luca Todesco, 18, found that there are two bugs in the OS that can be used to corrupt the memory in the OS X’s kernel. Once the memory is corrupt, the attacker can then circumvent the kernel address space layout randomization (kASLR), which is a defensive technique of the OS to protect itself from giving the attacker the root shell. But once the attacker circumvents through the kASLR, they can gain a root shell.

The exploit works in 10.9.5 through to 10.10.5 versions of OS X. One good news for OS X lovers is that this exploit has been fixed in the upcoming El Capitan update. But El Capitan is currently in beta, which means that you are still most likely using a vulnerable version

This exploit was discovered just after the latest patch that Apple released last week to prevent attackers and miscreants from loading programs onto computers through remote access. The patch was for a local privilege escalation vulnerability.

Todesco said that he does security research in his spare time, which was when he found this exploit. He also said that he notified Apple a few hours before publishing the exploit on GitHub.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Photo Credit: Joe Wilcox