Young Italian discovers two serious flaws in Mac OS X

[Mirone 1,515]

 

Mac OS X has two serious flaws that can give a hacker complete control of a computer from Apple. Discovered by the young Italian Luca Todesco, the gaps can be used to corrupt the operating system kernel. This allows the layers of security of the Mac are circumvented and harmful programs can be installed on the machine.

 

The kernel is the most basic layer of the operating system, which is in charge of establishing a bridge between software and hardware. With corrupted kernel protections by bugs, it is possible to have access to the root shell of Mac OS x. This part gives access to all system resources and allows a hacker to completely control the machine, since it is connected to the Internet.

 

Luca (@qwertyoruiop on Twitter) released its findings at a forum for developers, where stated, once you have identified the problems, Apple warned. In addition to the report on how the problem can be exploited, the Italian released a patch, that he himself developed, to correct the failure. So far, the company has not yet released any official correction.

 

The problem occurs in versions 10.9.5 and Mac OS X 10.10.5. In version 10.11, known as El Capitan and still in beta, Apple has already done fixes that prevent the operating system kernel end up corrupted.

 

see here the patches made by Luca Todesco:

https://github.com/kpwn/tpwn

https://github.com/kpwn/NULLGuard

[spakk 1,805]

really lousy performance of Apple ....  I 've read that yesterday on a German website,

[Pike R. Alpha 489]

See also: https://github.com/sektioneins/SUIDGuard