The exploit should work on every edition of OS X, though El Capitan seems to have ways of mitigating the damage.
While Stagefright has been scaring the living daylights out of Android users for weeks, owners of Apple devices haven't been affected it, as the problem's unique to Google's OS. However, a new exploit for OS X machines has recently surfaced and in its own way, is just as destructive as Stagefright.
For OS X, the word to fear now is tpwn. That's the name given to the exploit Italian developer Luca Todesco discovered by using a combination of attacks that enabled him to drop a custom payload into a root shell. In essence, that means installing something in the root drive that gives outsiders access to the affect Mac, even if it's running the latest 10.10.5 update of Yosemite.
While exploits like these aren't entirely uncommon, the more remarkable news here is that Todesco chose to reveal the exploit publicly right out of the gate.
Usually, the procedure is to report the fault to the developers themselves and give them a grace period (Google's, for example, is 90 days) to work on a patch and to fix the issue. When the grace period is over, the developers are then free to release details of the exploit, whether a patch has been issued or not.
In this case, Todesco completely chose to forgo any reporting (which to be fair, is a courtesy instead of a hard rule) and opted to go public straight. The good news here is that unlike Stagefright, there's already an unofficial third party fix to the exploit. The bad news is that most people who don't really keep up to date with tech news will be vulnerable to the exploit unless Apple releases an official patch soon.
Apple has so far remained quiet on the issue with no word on their part even acknowledging the exploit or that they are working on a patch.
Source: Luca Todesco
Via: AppleInsider
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.