18-year-old Luca Todesco has uncovered two zero-day vulnerabilities in OS X that could be exploited to remotely gain access to a computer, reports PC World.
Todesco’s exploit uses two bugs to corrupt memory in the OS X kernel. The resulting memory corruption can be used to circumvent built-in safeguards against intrusions and grant the attacker access to a root shell.
His exploit code works on OS X version 10.9.5 through 10.10.5. However, Apple has already fixed the issue in El Capitan 10.11, which is currently in beta.
Todesco posted details of his findings, along with a patch for them, on GitHub. He said that he’d notified Apple of the issues a few hours before publishing them.
If you’re running any of the affected versions of OS X, you’d do well to consider Todesco’s patch; bear in mind that it’s an unofficial fix, so use it at your own risk.
We’ve contacted Apple and will update this post if we hear back.