Abhimanyu GhoshalManaging Editor
Abhimanyu is TNW's Managing Editor, and is all about personal devices, Asia's tech ecosystem, as well as the intersection of technology and Abhimanyu is TNW's Managing Editor, and is all about personal devices, Asia's tech ecosystem, as well as the intersection of technology and culture. Hit him up on Twitter, or write in: [email protected].
18-year-old Luca Todesco has uncovered two zero-day vulnerabilities in OS X that could be exploited to remotely gain access to a computer, reports PC World.
Todesco’s exploit uses two bugs to corrupt memory found in the OS X kernel. This condition can be used to circumvent built-in safeguards against intrusions and grant the attacker access to a root shell.
His exploit code works on OS X version 10.9.5 through 10.10.5. However, Apple has already fixed the issue in El Capitan 10.11, which is currently in beta.
Todesco posted details of his findings, along with a patch for them on GitHub. He said that he’d notified Apple of the issues a few hours before publishing them.
If you’re running any of the affected versions of OS X, you’d do well to consider Todesco’s patch; bear in mind that it’s an unofficial fix, so use it at your own risk.
We’ve contacted Apple and will update this post if we hear back.
➤ Italian teen finds two zero-day vulnerabilities in OS X [PC World]
Read next: New OS X exploit breaks Keychain’s security, exposes passwords
Get the TNW newsletter
Get the most important tech news in your inbox each week.