A new zero-day vulnerability enabling remote access to computers running Apple’s OS X operating system has been revealed by 18-year-old Italian security researcher Luca Todesco.
The exploit, published on GitHub, relies on two bugs to cause memory corruption in the kernel, enabling the researcher to bypass Apple’s OS X kASLR (kernel address space layout randomization). Although kASLR is designed to prevent this type of exploit code from running, Todesco managed to gain a root shell.
Last week, Apple patched a privilege escalation vulnerability that was not connected with this one. Todesco notified Apple hours before publishing the vulnerability and also developed his own patch, named NULLGuard, which is also on GitHub.
“This is not due to me having issues with Apple’s patch policies/time frames, as others have incorrectly reported,” said the researcher.
The new zero-day vulnerability affects OS X versions 10.9.5 through 10.10.5; users of the OS X 10.11 beta appear to be unaffected.
With no official response from Apple yet, users who can upgrade to El Capitan are encouraged to do so to avoid being vulnerable.