Symantec has confirmed the existence of two new vulnerabilities in the Mac OS X operating system which, if exploited, could allow an attacker to escalate privileges on an affected computer in order to gain root access. While the vulnerabilities require the victim to voluntarily run an application in order for an attack to be successful, they represent a threat until a patch is published by Apple.
The vulnerabilities were discovered by Italian researcher Luca Todesco, who posted a proof-of-concept exploit to Github on August 16. Todesco said that he reported the issue to Apple a few hours before making it public. Apple has yet to publicly comment on the vulnerabilities.
Analysis by Symantec has confirmed that the proof-of-concept exploit works as described. The vulnerabilities are reported to affect OS X version 10.9.5 to 10.10.5. The beta for OS X 10.11 is understood to be not affected.
The exploit uses two different vulnerabilities to create a memory corruption in the OS X kernel. This is then used to bypass security features that block exploit code from running, providing the attacker with root access.
News of the new vulnerabilities comes days after another privilege escalation vulnerability was patched by Apple. The Apple Mac OS X Prior to 10.10.5 Multiple Security Vulnerabilities (CVE-2015-3760) enabled a malicious installer to gain root access to an affected computer, allowing it to install other unauthorized software.
There have been no reports of these latest vulnerabilities being exploited in the wild; however, the likelihood of attacks will increase as news spreads.
Until a patch for the vulnerability is issued, affected Mac OS X users are advised to exercise caution and only download and install new software from trusted sources.
Mac OS X users are advised to apply any security updates to the OS as soon as they become available.
Analysis of this vulnerability is ongoing and further updates may be published if new information is uncovered.