Another Serious Vulnerability In OS X Discovered

You might remember that a serious vulnerability was just fixed in OS X. Great. But you’re not safe because yet another serious vulnerability has been found in OS X. Dubbed the “tpwn” exploit by Luca Todesco, it affects every version of OS X. Here’s the details from Appleinsider:

The exploit was discovered by Italian developer Luca Todesco, who relies on a combination of attacks — including a null pointer dereference in OS X’s IOKit — to drop a proof-of-concept payload into a root shell. It affects every version of OS X Yosemite, but seems to have been mitigated in OS X El Capitan, which is nearing release. 

Todesco did not disclose the problem to Apple before sharing it publicly early Sunday, so it remains to be seen how quickly the company will respond.

Lovely. I’m guessing that because of the way it was disclosed (in other words, it was disclosed to the entire planet rather than just to Apple), Apple is scrambling to react to this. But because of how secretive the company is, who knows? The good news is that this is a non-issue in Apple’s upcoming El Capitan OS. But that does little good to those running any other version of OS X.

Leave a Reply

%d bloggers like this: