U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

An Italian expert discovered two zero-day flaws in MAC OS X

An Italian security researcher has discovered two zero-day vulnerabilities in Apple MAC OS X that could be exploited to gain remote access to a PC. An Italian teenager, Luca Todesco, has found a couple of critical zero-day vulnerabilities in Apple OS X operating system that could be exploited to gain remote access to a PC. The […]

An Italian expert discovered two zero-day flaws in MAC OS X

An Italian security researcher has discovered two zero-day vulnerabilities in Apple MAC OS X that could be exploited to gain remote access to a PC.

An Italian teenager, Luca Todesco, has found a couple of critical zero-day vulnerabilities in Apple OS X operating system that could be exploited to gain remote access to a PC.

The expert discovered the security flaws in Apple OS X after Apple issued a security update of the MAC OS X Yosemite v10.10.5 (Security Update 2015-006) that fixed a local privilege escalation vulnerability that was used by some miscreants to load questionable programs onto computers.

MAC OS X Yosemite zero-day

Todesco, published the exploit code he developed on GitHub, it triggers two vulnerabilities to cause a memory corruption in OS X’s kernel and circumvent the kernel address space layout randomization (kASLR) used to prevent buffer overflow attacks.

The code published on GitHub also includes a patch called NULLGuard.

According Todesco, the attacker can run the exploit code to gain a root shell on the target OS X machine.

The exploit code works in OS X versions 10.9.5 through 10.10.5, the version OS X 10.11 fixed it.

Todesco reported the security issues to Apple “a few hours before the exploit was published.”

“This is not due to me having issues with Apple’s patch policies/time frames, as others have incorrectly reported,” Todesco wrote.

Pierluigi Paganini

(Security Affairs – Mac OS X, zero-day)