18-year-old Luca Todesco has uncovered two zero-day vulnerabilities in OS X that could be exploited to remotely gain access to a computer, reports PC World.
Todesco’s exploit uses two bugs to corrupt memory found in the OS X kernel. This condition can be used to circumvent built-in safeguards against intrusions and grant the attacker access to a root shell.
His exploit code works on OS X version 10.9.5 through 10.10.5. However, Apple has already fixed the issue in El Capitan 10.11, which is currently in beta.
Todesco posted details of his findings, along with a patch for them on GitHub. He said that he’d notified Apple of the issues a few hours before publishing them.
The <3 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
If you’re running any of the affected versions of OS X, you’d do well to consider Todesco’s patch; bear in mind that it’s an unofficial fix, so use it at your own risk.
We’ve contacted Apple and will update this post if we hear back.
➤ Italian teen finds two zero-day vulnerabilities in OS X [PC World]
Read next: New OS X exploit breaks Keychain’s security, exposes passwords
Get the TNW newsletter
Get the most important tech news in your inbox each week.