Another OS X to mention the right vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201565931
Type myhack58
Reporter 佚名
Modified 2015-08-19T00:00:00


! /Article/UploadPic/2015-8/2015819144820242.jpg

If you are using OS X Yosemite,have a look at this article,the malicious software takes advantage of a new way to control your Mac.

In the Appleoperating systemhas been found a vulnerability,the vulnerability can be in the absence of the owner of the license the case of the PC on the ordinary software to get root permissions,allow the suspicious application to install new programs,create user,delete user,junk files consume system space and other operations.

An 1 8-year-old Italian Luca Todesco this week onTwitterrelease the vulnerability details,such as the use of the program code,as well as temporary solutions.

In OS X 10.9. 5 to 1 0. 1 0. 5 version are the presence of the vulnerability. Also in the beta of OS X El Capitan,aka OS X 10.11,not the same programming error.

This security vulnerability is the core is actually two issues combined together,through the use ofIOKitLibso that the normal application access to the device a interface.

According to Todesco of the description,if you call the library inIOServiceOpenfunction uses an invalid owningTask parameter,a kernel-levelIOUserClientwill pass a null pointer to the calling task. This pointer through theoperating systemto operate,and for in memory to find a set a bit variable. By the control in the Address 0 of the memory page,the attacker can know that these bit set the position,so that the operation of the kernel memory,and eventually obtaining the complete kernel-level privileges to perform the control.

“This is not the world's most hard-to-find bugs.” Todesco adds.

This is in 1 0. 1 0. 4 on the case,but 1 0. 1 0. 5 also nothing different.

--Luca Todesco (@qwertyoruiop) 2 0 1 5 year 8 month 1 5 day.

Todesco said that he would a bug report to the Apple engineers,and on Sunday theexploit code uploaded to Githubon the public,because he felt compelled to do so.

“I worked on a blog post in the vague open it. I reported to Apple just because,you should know,Apple may simply not pay attention to my articles.” He said,“If the not have to public,I will wait until 1 0. 1 to 1. But because there are already bad guys started to use the[local privilege escalation vulnerability] is.”

The security vulnerability also without the patch there,unless you upgrade to OS X El Capitan。 Still using Yosemite Mac users will have to ensure that they are running has only trust the signature of the application program,and pray no one of their machines for remote code execution. If multiple users share a machine,which any user can exploit this vulnerability to gain administrator-level control.

Todesco also released a namedNULLguardthe kernel extension,it can stop the application,use the zero page-then stop the program,it can use the vulnerability,but now recommend that people install Stefan EsserSUIDGuard,functions just the opposite.

IOKitLib defects appear soon after,Apple fixes the same exists in OS X YosemiteDYLD_PRINT_TO_FILEprivilege escalation vulnerability.