“tpwn is a vulnerability that affects OS X 10.9.5 Mavericks through OS X 10.10.5 Yosemite, but does not affect the currently-in-beta OS X 10.11 El Capitan,” Rene Ritchie reports for iMore.
“With tpwn, malicious code on your Mac could escalate its privileges — gain ‘root’ access — and potentially exploit the system,” Ritchie reports. “The vulnerability was released without warning — also known as a 0day — and without prior disclosure to Apple. That means Apple learned about it pretty much when the rest of the world did.”
“There’s no indication of attacks based on twpn ‘in the wild’ and so the vast majority of people have very little to be concerned about at the moment. twpn would also need to be used in conjuncture with something else, like a social engineering attack that conned you into letting it onto your Mac, before it could do anything,” Ritchie reports. “So, the usual advice applies: Don’t download software from any source you don’t absolutely trust.”
Read more in the full article here.
MacDailyNews Note: Here’s our usual oft-repeated reminder for Mac users and anyone who’s trying to use any other platform: Do not download and authorize the installation of applications (Trojans) from untrusted sources. No OS can protect users from themselves (or we wouldn’t be able to install any software). Those who grant attackers access to their Macs, should not be surprised to find their Macs are compromised.
Teen uncovers two zero-day vulnerabilities in OS X – August 17, 2015