Monday, August 17, 2015

The OS X _PAGEZERO Memory Exploit,
A vulnerability in 10.10.5 and 10.9.5


Oh surprise. A new bad memory management exploit. Who'd have guessed. /s

In an effort to offer more advanced user Mac security information, I'm posting this article about an article about an article about a discovery for those interested:

My most excellent colleague Topher Kessler published an article today at his most excellent MacIssues website today about a newly discovered exploit of OS X, of both 10.10.5 and 10.9.5 with the latest security update already applied.

New Zero-Day memory injection vulnerability discovered in OS X
August 17, 2015 by Topher Kessler
PCWorld is reporting that a new zero-day vulnerability has been found for OS X, which affects versions of OS X from 10.9.5 through to the recently-released 10.10.5. The problem comes from how NULL pointers in programs are handled, where malicious programs may use a special condition to bypass the default location where NULL code is directed to, and allow the program to bypass OS X’s security. . . .
Italian teen finds two zero-day vulnerabilities in Apple's OS X
Jeremy Kirk, IDG News Service, Aug 17, 2015 6:26 AM ET
An Italian teenager has found two zero-day vulnerabilities in Apple’s OS X operating system that could be used to gain remote access to a computer. 
The finding comes after Apple patched last week a local privilege escalation vulnerability that was used by some miscreants to load questionable programs onto computers. 
Luca Todesco, 18, posted details of the exploit he developed on GitHub. The exploit uses two bugs to cause a memory corruption in OS X’s kernel, he wrote via email. . . .
xnu local privilege escalation via cve-2015-???? & cve-2015-???? for 10.10.5, 0day at the time | poc||gtfo
cve-2015-???? poc ~ os x 10.10.5 kernel local privilege escalation 
vulnerability got burned in 10.11. . . .
If you're interested in this current exploit, be certain to read through all of Topher's article, listed at the top above. He has some extremely relevant advice to follow before playing with Luca Todesco's "Null Guard" patch tool.

NOTE: I've decided to make an effort to bring attention to these advanced-level-user issues because Apple has been sitting on these things for months on end, causing the company to acquire a lazy security reputation. I figure it can't hurt to bring more pressure to bear on Apple to get their, apparently, lazy security fingers busy writing patches. Security is, after all, everyone's most basic need.

ALSO NOTE: As Graham Cluley has recently pointed out, Apple has still not fully patched the Thunderstrike 2 EFI rootkit attack. We know Apple is working on it.

Coming Up: I'll post a spreadsheet of recent Apple CVE patches. It's long. *sigh*


No comments:

Post a Comment