Apple Still Hasn't Patched a Zero-Day Vulnerability in OS X

By Tom Pritchard on at

It seems like you can't go more than a couple of days before a new serious flaw is discovered in major software, but it only really becomes a problem if the powers that be don't fix it. So far, that seems to be the case with a zero-day vulnerability that affects OS X Mavericks and Yosemite.

Apparently the kernel-level flaw was discovered by 18-year old security researcher Luca Todesco last week. While the problem isn't a concern for people running the El Capiten beta, it still remind unfixed in the two versions of Apple's operating system.

The exploit is known as tpwn, and works by fusing together two vulnerabilities that affect memory processes at kernel level. That means hackers could potentially gain root-level access to the machine, though it can only be achieved if the user launches a malicious file or piece of software from the internet.

Apple is supposed to be testing a patch to fix the issue now, but there is a way to mitigate the threat for yourself right now. According to a Github post by Todesco, running the SUIDGuard tool developed by Stefan Esser makes it a lot more difficult for would-be attackers to run kernel-level exploits. You should also remember not to trust strange files from the internet. [Threat Post via TechRadar Pro]