Unpatched Tpwn Mac OS X Bug Could Grant Root Privileges

Published: 22/11/2024   Category: security




Researchers beginning to find more cracks in Mac operating systems.



Just days after Apple patched a local privilege escalation vulnerability in OS X that would grant attackers root access, the company is working to patch another one.
Sunday, Italian researcher Luca Todesco published proof-of-concept code to GitHub for Tpwn, a memory corruption bug in the kernel of OS X versions 10.9.5 (Mavericks) through 10.10.5 (Yosemite). It does not affect the forthcoming version, OS X El Capitan, which is now in beta.
As Todesco explained to MacWorld, the memory corruption condition can then be used to circumvent kernel address space layout randomization (kASLR), a defensive technique designed to thwart exploit code from running. The attacker then gains a root shell.
Todesco created a kernel extension called NULLGuard to protect against Tpwn, but later recommended users instead install SUIDGuard, a TrustedBSD kernel extension created by Mac security researcher Stefan Esser.
Todesco published the code for Tpwn just hours after he disclosed the vulnerability to Apple, for which he has received some public criticism.   
Tpwn arrives just six days after Apple patched the DYLD_PRINT_TO_FILE vulnerability in OS X Yosemite discovered last month -- a bug in an environment variable that also enabled root access.
Other cracks were found in Mac OS X recently by Synack director of research Patrick Wardle. At Black Hat Las Vegas this month, Wardle revealed exploits he'd written that circumvent Gatekeeper, OS X's mechanism for preventing unsigned code from running.
