Unpatched Tpwn Mac OS X Bug Could Grant Root Privileges

  /     /     /  
Publicated : 22/11/2024   Category : security

Unpatched Tpwn Mac OS X Bug Could Grant Root Privileges


Researchers beginning to find more cracks in Mac operating systems.


Just days after Apple patched a local privilege escalation vulnerability in OS X that would grant attackers root access, they are working to patch another one.
Sunday, Italian researcher Luca Todesco
published proof-of-concept code
to GitHub for Tpwn, a memory corruption bug in the kernel of OS X versions 10.9.5 (Mavericks) through 10.10.5 (Yosemite). It does not affect the forthcoming version, OS X El Capitan, which is now in beta.
As Todesco
explained to MacWorld
, The memory corruption condition can then be used to circumvent kernel address space layout randomization (kASLR), a defensive technique designed to thwart exploit code from running. The attacker then gains a root shell.
Todesco created a kernel extension called NULLGuard to protect against tpwn, but
later recommended
users instead install 
SUIDGuard,
a TrustedBSD kernel extension created by Mac security researcher Stefan Esser.
Todesco published the code for Tpwn just hours after he disclosed the vulnerability to Apple, for which he has received some public criticism.   
Tpwn arrives just six days after Apple patched the
DYLD_PRINT_TO_FILE
vulnerability in OS X Yosemite discovered last month -- a bug in an environment variable that also enabled root access.
Other cracks were found in Mac OS X recently by Synack director of research Patrick Wardle. At Black Hat Las Vegas this month,
Wardle revealed exploits
hed written that circumvents Gatekeeper, OS Xs mechanism for preventing unsigned code from running. 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Unpatched Tpwn Mac OS X Bug Could Grant Root Privileges