If you’re using OS X Yosemite, watch out for malware exploiting a new way to take complete control of your Mac.
A vulnerability has been found in Apple’s operating system that allows ordinary software on the computer to gain all-powerful root privileges, allowing dodgy apps to install new programs, create users, delete users, trash the system, and so on, without the owner’s permission.
Someone who describes themselves on Twitter as an 18-year-old Italian called Luca Todesco has this week pointed out details of the flaw, example code to exploit it, and software to mitigate it.
The vulnerability exists in OS X from version 10.9.5 to 10.10.5, the latest official build of Apple’s operating system. OS X El Capitan, aka OS X 10.11, which is in public beta, does not suffer from the same programming blunder.
At the heart of the security hole are really two issues that together can be exploited via IOKitLib, an interface for accessing devices from normal applications.
According to Todesco, if you call the library’s IOServiceOpen function with an invalid owningTask parameter, a kernel-level IOUserClient will be passed a NULL pointer for the calling task. This pointer makes its way through more of the OS and is used to locate a variable in memory where a bit is set. By controlling the page of memory at address zero, an attacker can direct where these bits are set, and thus manipulate the kernel’s memory, and eventually seize control of execution with full kernel-level privileges.
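
For triage, a host's version string can be compared against the affected range the article gives (10.9.5 through 10.10.5). The script below is an added example, not code from the article or from Todesco; the function names ver_to_int and osx_affected are made up here, and it compares version numbers only, so it says nothing about whether a mitigation is installed.

```shell
#!/bin/sh
# Added example: is an OS X version inside the range the article reports
# as affected (10.9.5 up to and including 10.10.5)?

# Turn "10.10.5" into a comparable integer (101005). Missing components
# count as 0, so "10.10" is read as 10.10.0; a fourth component is ignored.
# Returns 2 for anything that is not a plain dotted version.
ver_to_int() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for part in "${1:-0}" "${2:-0}" "${3:-0}"; do
        case $part in
            0?*|???*) return 2 ;;   # leading zero, or too big for the encoding
        esac
    done
    echo $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))
}

# Exit status: 0 = inside the affected range, 1 = outside, 2 = unparseable.
osx_affected() {
    v=$(ver_to_int "$1") || return 2
    lo=$(ver_to_int 10.9.5)
    hi=$(ver_to_int 10.10.5)
    [ "$v" -ge "$lo" ] && [ "$v" -le "$hi" ]
}

# On a Mac, check the running system; elsewhere only the functions are defined.
if command -v sw_vers >/dev/null 2>&1; then
    current=$(sw_vers -productVersion)
    if osx_affected "$current"; then
        echo "OS X $current is inside the affected range (10.9.5 - 10.10.5)"
    else
        echo "OS X $current is outside the affected range, or could not be parsed"
    fi
fi
```

Calling osx_affected with a version string taken from an asset inventory gives the same answer for machines other than the one the script runs on.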