“An Italian teenager has found two zero-day vulnerabilities in Apple’s OS X operating system that could be used to gain remote access to a computer,” Jeremy Kirk reports for IDG News Service.
“Luca Todesco, 18, posted details of the exploit he developed on GitHub,” Kirk reports. “The exploit uses two bugs to cause a memory corruption in OS X’s kernel, he wrote via email. The memory corruption condition can then be used to circumvent kernel address space layout randomization (kASLR), a defensive technique designed to thwart exploit code from running. The attacker then gains a root shell.”
“The exploit code works in OS X versions 10.9.5 through 10.10.5. It is fixed in OS X 10.11, the beta version of the next Apple OS nicknamed El Capitan,” Kirk reports. “Todesco, who said he does security research in his spare time, said he notified Apple of the problems ‘a few hours before the exploit was published.’”
Read more in the full article here.
MacDailyNews Take: Gee, thanks for the “few hours” notice, asshat.
basta!
Yeah, that’s enough!
Wait…huh?
If Apple paid him a monthly stipend, he would graciously give them 30 days’ notice. Certainly he would hate to see something happen to Apple and Mac OS…
Think of it as a kind of insurance policy.
Forgetaboutit
Maybe Apple didn’t want to pay a monthly ransom.
That could be a terrible mistake. You knows, the boys get a little antsy and clumsy. Things start to break. Who knows, the whole thing could come down, accidentally like. This kid, he’s got a brother, an inspector of sorts. He should pay Apple a visit, let them know how to fix things that get broke.
/s
Such as it may be, Apple has been slow to fix some security issues. Second, there will be more hasty people like Luca Todesco. Third, my impression is that Apple is not exactly cooperative with all third parties on fixing bugs, including security bugs. Fourth, how did this bug slip through?
Of these 4 aspects, 3 are in Apple’s court, but MDN’s take focused on the non-Apple aspect.
This kid publishing it *IS* the big issue.
He tries to come across as a white hat hacker, but gives Apple only a few hours to fix a bug before he publishes the exploit? Doing that does NO ONE any good (other than getting his name out there for his 20 minutes of fame).
Yes, Apple has been slow to fix some security issues. Name ONE, yes just one, company that has always fixed ALL security issues promptly. Even Google, with its own outing list of other companies’ bugs and security faults, has sometimes taken many, many months to fix some security bugs, and don’t get me started on Microsoft and the rest.
Apple *is* cooperative with most white hat security people. What Apple refuses to do is give those hackers the raw source code to the entire system, and believe it or not, some of those so-called white hat hackers have demanded that kind of access. “If you want me to fully demonstrate the bug and help with a fix, then you must give me direct access to the raw code.” When Apple refuses, those same hackers go ballistic and claim Apple won’t work with them. Yes, Apple will work with hackers, UP TO A POINT.
How did this bug slip through? It’s a complex bug. Anyone who has done a decent amount of programming (done it for more than a decade and more than just scripting) knows that bugs happen. They just do. I don’t think I’ve ever written a program that had more than a few thousand lines of code that did not have a bug. You just take your time and *eventually* you hope to dig them out and fix them.
On something as complex as OS X no one can envision all the possible routes through the software. No one. And, with nearly yearly updates to the code, it is literally impossible to squash every bug before the operating system gets into the wild.
I think hackers who publish exploits for hacking a system should be held accountable for the results, until the company owning the affected code has had a reasonable amount of time to fix it.
With that scenario, the companies should be incentivized to REWARD these people for informing them of the flaw, which would then encourage them to find more and quietly report them back to the company to fix.
Everyone wins.
Well, except for the asshats who would have exploited the flaw for illegal purposes. But f*** them anyway.
It’s a good test for Apple! We all know at the same time; let’s see how quickly Apple can patch the holes for their customers!
Didn’t you read the memo?
just started rewarding every totally uncovered vulnerability with a pair of Beats Solo2.
I guess ≠ anymore.
Harsh, wait, was it me saying this?
At least he was decent enough to tell Apple. Demonstrable Zero Days fetch $$$ on the black market.
If the fix exists in 10.11 beta already, it would appear Apple WAS aware of the issue.
Or it was fixed unexpectedly by reworking some of the existing code in such a way that the loophole was closed.
If you look at the exploit code, it’s no wonder that it works. We’re not talking about a simple “bug”… dozens of lines of code, loops, memory pressure, etc.
Looking at that code makes me have more respect for Apple engineers in trying to keep this stuff from being exploited.
Think of it like expecting a car company to build a small 2-seater car that is expected to pull 10 train-cars filled with coal.
This Italian teenager is basically brute-forcing the system into having a heart attack.
You’re spot on. This is completely different than the root escalation issue that they had earlier.
He’s Italian, perhaps he tried to make Apple an offer they couldn’t refuse.
But they did anyway. 😉
MDN blames some poor kid for Apple’s error. Did Apple warn consumers about this problem?
I’m glad to read that the exploit was corrected for El Capitan which means Apple knew the problem existed. Should Apple have corrected this exploit for earlier versions of OS?
Maybe Tim should stop showering Billions on worthless shit like Beats and watches and hire some software auditors who know the difference between their ass and a hole in the ground.
He offers a free patch to fix the problem that requires you to enter your password. Gee, I think I’ll pass on that one…