An Italian teenager has found two zero-day vulnerabilities in the Mac OS X operating system that could be used to gain remote access to a Mac, reports the IDG News Service (http://tinyurl.com/nmvps79).
Eighteen-year-old Luca Todesco posted details of the exploit he developed on GitHub. The exploit uses two bugs to cause memory corruption in OS X’s kernel, he wrote via email.
The memory corruption condition can then be used to circumvent kernel address space layout randomization (kASLR), a defensive technique designed to keep exploit code from running. The attacker then gains a root shell.
The exploit code works in OS X versions 10.9.5 through 10.10.5. IDG says it’s fixed in the latest beta version of El Capitan.