ahlam1399
08-18-2015, 04:05 AM
Just days after Apple *****ed the DYLD_PRINT_TO_FILE security hole with the release of OS X 10.10.5 (http://www.macrumors.com/2015/08/13/os-x-10-10-5-release-dyld-fix/), a developer has found a similar un*****ed exploit that could allow attackers to gain root-level access to a Mac.
Luca Todesco shared (https://twitter.com/qwertyoruiop/status/632664642058371072) information (via AppleInsider (http://appleinsider.com/articles/15/08/16/new-privilege-escalation-exploit-discovered-in-os-x-yosemite-also-affects-just-released-10105)) on the "tpwn" exploit on GitHub (https://github.com/kpwn/tpwn) over the weekend. It affects all versions of OS X Yosemite, including OS X 10.10.5, but does **t affect OS X El Capitan.
http://cdn.macrumors.com/article-new/2015/08/tpwnvulnerability.jpg
Todesco did **t give Apple a heads up on the vulnerability before sharing it publicly, so it is **t clear when Apple will release a ***** for machines running OS X Yosemite. As **ted by AppleInsider (http://appleinsider.com/articles/15/08/16/new-privilege-escalation-exploit-discovered-in-os-x-yosemite-also-affects-just-released-10105), it is standard procedure (and a courtesy) for security researchers and developers to provide Apple with details on vulnerabilities before publicizing them to prevent ******s from using security holes for nefarious purposes.
According to Todesco (https://twitter.com/qwertyoruiop/status/632966294804017153), who has also shared what he says is a third-party fix (https://twitter.com/qwertyoruiop/status/633287330992926720), releasing details on the exploit is ** different than releasing an iOS jailbreak, but as Engadget (http://www.engadget.com/2015/08/17/tpwn-mac-security-exploit/) explains, Todesco's actions have the potential to be somewhat more harmful than a jailbreak.Those are technically true, but they downplay the practical dangers of publishing this info. Many people aren't k**wledgeable e**ugh to try third-party safeguards or deal with the possible side effects, and jailbreaks are at least intended for semi-in**cuous purposes. A 'surprise' exploit for the Mac only really serves to give attackers time that they wouldn't otherwise have.It took Apple less than a month to release OS X 10.10.5 to fix the DYLD_PRINT_TO_ACCESS vulnerability after it was first publicized (http://arstechnica.com/security/2015/07/bug-in-latest-version-of-os-x-gives-attackers-unfettered-root-privileges/), but during the time between its discovery and the launch of the fix, an exploit using the vulnerability was discovered in the wild (https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-in-the-wild/).
Ahead of a fix for this latest vulnerability, OS X Yosemite users can protect themselves by downloading apps solely from the Mac App Store and from trusted developers.
http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/1/rc.img (http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/1/rc.htm)
http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/2/rc.img (http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/2/rc.htm)
http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/3/rc.img (http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/3/rc.htm)
http://da.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/a2.img (http://da.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/a2.htm)
http://adchoice.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/ach.img (http://adchoice.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/ach.htm)http://pi.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/a2t.imghttp://pi2.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/a2t2.imghttp://rss.feedsportal.com/c/35070/f/648326/s/490fc187/sc/28/mf.gifhttp://feeds.feedburner.com/~ff/MacRumors-All?d=yIl2AUoC8zA (http://feeds.macrumors.com/~ff/MacRumors-All?a=t9UGa_qmGXY:gJXuYIuA1ng:yIl2AUoC8zA) http://feeds.feedburner.com/~ff/MacRumors-All?d=6W8y8wAjSf4 (http://feeds.macrumors.com/~ff/MacRumors-All?a=t9UGa_qmGXY:gJXuYIuA1ng:6W8y8wAjSf4)
http://feeds.feedburner.com/~r/MacRumors-All/~4/t9UGa_qmGXY
أكثر... (http://www.macrumors.com/2015/08/17/os-x-10-10-5-tpwn-vulnerability/)
Luca Todesco shared (https://twitter.com/qwertyoruiop/status/632664642058371072) information (via AppleInsider (http://appleinsider.com/articles/15/08/16/new-privilege-escalation-exploit-discovered-in-os-x-yosemite-also-affects-just-released-10105)) on the "tpwn" exploit on GitHub (https://github.com/kpwn/tpwn) over the weekend. It affects all versions of OS X Yosemite, including OS X 10.10.5, but does **t affect OS X El Capitan.
http://cdn.macrumors.com/article-new/2015/08/tpwnvulnerability.jpg
Todesco did **t give Apple a heads up on the vulnerability before sharing it publicly, so it is **t clear when Apple will release a ***** for machines running OS X Yosemite. As **ted by AppleInsider (http://appleinsider.com/articles/15/08/16/new-privilege-escalation-exploit-discovered-in-os-x-yosemite-also-affects-just-released-10105), it is standard procedure (and a courtesy) for security researchers and developers to provide Apple with details on vulnerabilities before publicizing them to prevent ******s from using security holes for nefarious purposes.
According to Todesco (https://twitter.com/qwertyoruiop/status/632966294804017153), who has also shared what he says is a third-party fix (https://twitter.com/qwertyoruiop/status/633287330992926720), releasing details on the exploit is ** different than releasing an iOS jailbreak, but as Engadget (http://www.engadget.com/2015/08/17/tpwn-mac-security-exploit/) explains, Todesco's actions have the potential to be somewhat more harmful than a jailbreak.Those are technically true, but they downplay the practical dangers of publishing this info. Many people aren't k**wledgeable e**ugh to try third-party safeguards or deal with the possible side effects, and jailbreaks are at least intended for semi-in**cuous purposes. A 'surprise' exploit for the Mac only really serves to give attackers time that they wouldn't otherwise have.It took Apple less than a month to release OS X 10.10.5 to fix the DYLD_PRINT_TO_ACCESS vulnerability after it was first publicized (http://arstechnica.com/security/2015/07/bug-in-latest-version-of-os-x-gives-attackers-unfettered-root-privileges/), but during the time between its discovery and the launch of the fix, an exploit using the vulnerability was discovered in the wild (https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-in-the-wild/).
Ahead of a fix for this latest vulnerability, OS X Yosemite users can protect themselves by downloading apps solely from the Mac App Store and from trusted developers.
http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/1/rc.img (http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/1/rc.htm)
http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/2/rc.img (http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/2/rc.htm)
http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/3/rc.img (http://rc.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/rc/3/rc.htm)
http://da.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/a2.img (http://da.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/a2.htm)
http://adchoice.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/ach.img (http://adchoice.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/ach.htm)http://pi.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/a2t.imghttp://pi2.feedsportal.com/r/234567382482/u/49/f/648326/c/35070/s/490fc187/sc/28/a2t2.imghttp://rss.feedsportal.com/c/35070/f/648326/s/490fc187/sc/28/mf.gifhttp://feeds.feedburner.com/~ff/MacRumors-All?d=yIl2AUoC8zA (http://feeds.macrumors.com/~ff/MacRumors-All?a=t9UGa_qmGXY:gJXuYIuA1ng:yIl2AUoC8zA) http://feeds.feedburner.com/~ff/MacRumors-All?d=6W8y8wAjSf4 (http://feeds.macrumors.com/~ff/MacRumors-All?a=t9UGa_qmGXY:gJXuYIuA1ng:6W8y8wAjSf4)
http://feeds.feedburner.com/~r/MacRumors-All/~4/t9UGa_qmGXY
أكثر... (http://www.macrumors.com/2015/08/17/os-x-10-10-5-tpwn-vulnerability/)