Two zero-day flaws found in MAC OS X after DYLD_PRINT_TO_FILE for local privilege escalation

Luca Todesco,an Italian security researcher,Found two zero day vulnerability after apple last week patched "DYLD_PRINT_TO_FILE" Exploit which allow attackers to gain root access and access mac system without password|Credential.This vulnerability allow to gain remote access to mac system.

Luco designed an exploit to to gain root access in mac system.Researchers also published the exploit on github. As attacker try to attack on mac using Luco code,it triggers two vulnerabilities to bring about a memory defilement in OS X's part and evade the kernel address space layout randomization (kASLR),which is used to prevent mac from buffer overflow attack.Researchers used the defensive technique of mac to gain root shell in mac system.

As per Luco Todesco,a Researcher,attacker can use the exploit code to gain root access upto 10.10.5 version of the mac OS x.Apart from the exploit code,Luco also developed the patch for the vulnerability called NULLGUARD which is available on github. He failed to deliver the easy to install patch as he doesn't have a mac developer certificate.

Post a Comment