Two newly-discovered zero-day vulnerabilities in OS X, discovered by 18-year-old Italian Luca Todesco, could give hackers remote access to your Mac. The find comes just days after Apple issued an update to patch a local privilege escalation vulnerability.
Todesco has created an exploit that uses the two vulnerabilities to cause a memory corruption in OS X’s kernel, he reveals in a GitHub post.
“The memory corruption condition can then be used to circumvent kernel address space layout randomization (kASLR), a defensive technique designed to thwart exploit code from running,” explains PC World. “The attacker then gains a root shell.”
Todesco has already made these vulnerabilities known to Apple, but you don’t need to wait for an official fix; Todesco has made his own patch, dubbed NULLGUARD, available via his GitHub post.
Famed iOS developer Stefan Esser, also known as ic0nic, has also released an update to SUIDGuard “with NULLGUARD like protection” on GitHub.
Apple is yet to provide a statement on this vulnerability, but as soon as an official update is available, we’ll be sure to let you know.