Apple recently rolled out OS X 10.10.5 to fix a slew of security issues. However, one vulnerability wasn’t patched. An Italian teenager, who looks for security vulnerabilities in his spare time, has discovered a new zero-day vulnerability.
Luca Todesco released his findings of the zero-day vulnerability found in OS X 10.9.5 and OS X 10.10.5, the latest shipping version of Apple’s desktop and laptop operating system.
Todesco discovered the vulnerability in how OS X handles NULL pointers in programs, opening an opportunity for malicious code to bypass the operating system’s defenses.
However, the exploit would require a user to physically accept to execute any malicious code. Though, as we have seen before, attackers are quite good at mimicking traditional legitimate apps are tricking users with social engineering.
The 18-year-old Todesco even delivered a proof-of-concept tool that would exploit the vulnerability he discovered, which has garnered him a lot of criticism.
Apple has yet to comment on whether they will seek to mitigate the newly discovered zero-day vulnerability immediately, or wait until OS X 10.11 El Capitan ships (the beta version reportedly already thwarts this particular attack).