18-year-old Luca Todesco disclosed two vulnerabilities zero-day in OS X that could be exploited by an attacker to gain remote access access on the computer running Apple's operating system, as reported by PC World.
Todesco's exploit uses two corrupt memory errors found in the kernel of OS X. This state can be used to bypass built-in safeguards by giving the attacker access to a root shell.
The exploit of 18 time works flawlessly in the versions of OS X 10.9.5 and 10.10.5. However, Apple seems to have already fixed the issue in El Capitan 10.11, which is currently in beta format.
Todesco published details of his findings, along with a patch for those interested in GitHub. The researcher reported that he shared the issues security at Apple a few hours before they were published.
If you are using any of the affected versions of OS X, you can apply the patch that Todesco provided.
Of course you should know that it is an informal patch and you should use it at your own risk.
