{"id":45451,"date":"2015-08-17T14:19:36","date_gmt":"2015-08-17T21:19:36","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=45451"},"modified":"2023-04-11T20:17:49","modified_gmt":"2023-04-12T03:17:49","slug":"teenager-os-x-zero-day","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/teenager-os-x-zero-day\/","title":{"rendered":"Teenager Finds OS X 10.10.5 Zero-Day Vulnerability, in His Spare Time"},"content":{"rendered":"

\"Zero-day\"<\/p>\n

Oh dear.<\/p>\n

Only days after Apple released OS X 10.10.5<\/a>, fixing a host of security flaws, a further serious (and as yet unpatched) vulnerability has been made public, by an Italian teenager who says he researches security holes in his spare time.<\/p>\n

Luca Todesco has released details of a zero-day vulnerability in OS X 10.9.5 and OS X 10.10.5, the latest shipping version of Apple’s desktop and laptop operating system.<\/p>\n

According to MacIssues<\/em><\/a>, the problem identified by Todesco lies in how OS X handles NULL pointers in programs, opening an opportunity for malicious code to bypass the operating system’s defenses.<\/p>\n

Fortunately, the attack does depend upon unsuspecting users downloading and agreeing to execute malicious code on their computer \u2014 although, as we all know, malicious hackers are experts at using social engineering<\/a> and compelling lures to trick the unwary into making unwise decisions.<\/p>\n

Some have already criticised 18-year-old Todesco for making available proof-of-concept code that exploits the unpatched OS X vulnerability, but on Twitter he appears to be unrepentant:<\/p>\n

\n

"considering filing a lawsuit against Todesco for his gross negligence in releasing the how-to for this exploit" – guns don't kill people<\/p>\n

— qwertyoruiop (@qwertyoruiopz) August 16, 2015<\/a><\/p><\/blockquote>\n