Todesco’s exploit uses two bugs to corrupt memory found in the OS X kernel. This condition can be used to circumvent built-in safeguards against intrusions and grant the attacker access to a root shell. His exploit code works on OS X version 10.9.5 through 10.10.5. However, Apple has already fixed the issue in El Capitan 10.11, which is currently in beta. Todesco posted details of his findings, along with a patch for them on GitHub. He said that he’d notified Apple of the issues a few hours before publishing them. If you’re running any of the affected versions of OS X, you’d do well to consider Todesco’s patch; bear in mind that it’s an unofficial fix, so use it at your own risk. We’ve contacted Apple and will update this post if we hear back. ➤ Italian teen finds two zero-day vulnerabilities in OS X [PC World] Read next: New OS X exploit breaks Keychain’s security, exposes passwords
