Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

New privilege escalation exploit discovered in OS X Yosemite, also affects just-released 10.10.5

Just days after patching the DYLD_PRINT_TO_FILE vulnerability with a new OS X point release, Apple's desktop operating system has been hit with yet another zero-day exploit that would allow an attacker to gain root access without using a password.

The exploit was discovered by Italian developer Luca Todesco, who relies on a combination of attacks —  including a null pointer dereference in OS X's IOKit —  to drop a proof-of-concept payload into a root shell. It affects every version of OS X Yosemite, but seems to have been mitigated in OS X El Capitan, which is nearing release.

Todesco did not disclose the problem to Apple before sharing it publicly early Sunday, so it remains to be seen how quickly the company will respond.

Many computer security researchers condemn such reckless action, arguing that companies should be given time to issue patches for bugs that could harm consumers, while others have become frustrated at the slow pace of response. Apple has a somewhat checkered past with OS X security updates, but has shown improvement in recent months —  the company patched the DYLD vulnerability less than a month after disclosure.

Apple has also taken steps to harden its operating system against attacks, announcing that OS X El Capitan would ship with a new security feature called "rootless." Rootless is designed to restrict third-party applications from modifying certain parts of the system — even if they are running as root —  in a manner similar to the more aggressive sandboxing in iOS.



92 Comments

The_Martini_Cat 13 Years · 485 comments

Is it safe to turn my computer off? Please advise soonest.

revenant 16 Years · 610 comments

These exploits are annoying, but glad someone is sharing it. And this is the closest to an unbiased report I have read.

MacPro 19 Years · 19846 comments

[quote name="revenant" url="/t/187735/new-privilege-escalation-exploit-discovered-in-os-x-yosemite-also-affects-just-released-10-10-5#post_2761807"]These exploits are annoying, but glad someone is sharing it. And this is the closest to an unbiased report I have read.[/quote] Really? Wouldn't you have preferred he shared with Apple first?

huskyoffset 13 Years · 8 comments

[quote name="digitalclips" url="/t/187735/new-privilege-escalation-exploit-discovered-in-os-x-yosemite-also-affects-just-released-10-10-5#post_2761809"][quote name="revenant" url="/t/187735/new-privilege-escalation-exploit-discovered-in-os-x-yosemite-also-affects-just-released-10-10-5#post_2761807"]These exploits are annoying, but glad someone is sharing it. And this is the closest to an unbiased report I have read.[/quote] Really? Wouldn't you have preferred he shared with Apple first?[/quote] I'm with digitalclips on this one. Not notifying the software author first, and giving them some time to release a patch before public disclosure, is pure asshattery, in my opinion.