Just days after Apple patched the DYLD_PRINT_TO_FILE security hole with the release of OS X 10.10.5, a developer has found a similar unpatched exploit that could allow attackers to gain root-level access to a Mac.

Luca Todesco shared information (via AppleInsider) on the "tpwn" exploit on GitHub over the weekend. It affects all versions of OS X Yosemite, including OS X 10.10.5, but does not affect OS X El Capitan.

tpwnvulnerability
Todesco did not give Apple a heads up on the vulnerability before sharing it publicly, so it is not clear when Apple will release a patch for machines running OS X Yosemite. As noted by AppleInsider, it is standard procedure (and a courtesy) for security researchers and developers to provide Apple with details on vulnerabilities before publicizing them to prevent hackers from using security holes for nefarious purposes.

According to Todesco, who has also shared what he says is a third-party fix, releasing details on the exploit is no different than releasing an iOS jailbreak, but as Engadget explains, Todesco's actions have the potential to be somewhat more harmful than a jailbreak.

Those are technically true, but they downplay the practical dangers of publishing this info. Many people aren't knowledgeable enough to try third-party safeguards or deal with the possible side effects, and jailbreaks are at least intended for semi-innocuous purposes. A 'surprise' exploit for the Mac only really serves to give attackers time that they wouldn't otherwise have.

It took Apple less than a month to release OS X 10.10.5 to fix the DYLD_PRINT_TO_ACCESS vulnerability after it was first publicized, but during the time between its discovery and the launch of the fix, an exploit using the vulnerability was discovered in the wild.

Ahead of a fix for this latest vulnerability, OS X Yosemite users can protect themselves by downloading apps solely from the Mac App Store and from trusted developers.

Top Rated Comments

pepan Avatar
pepan
126 months ago
I read somewhere that he only gave Apple a few hour's notice before releasing it. He's a scumbag. And I have to say that the writer of this article is sort of a scumbag if that screenshot is the code for the vulnerability (If this is true, sorry Juli).
The screenshot is just a proof that compiling some code and running it works. However, not giving a company any chance to release a fix is something only a complete jerk would do.
Score: 10 Votes (Like | Disagree)
Rigby Avatar
Rigby
126 months ago
The screenshot is just a proof that compiling some code and running it works. However, not giving a company any chance to release a fix is something only a complete jerk would do.
Perhaps he had good reasons for doing this. For example, he might have evidence that the bug is already being exploited. If true, people can immdiately use the third-party fix he pointed to rather than waiting around for Apple to fix it. After all, they sometimes takes their sweet time ('http://krebsonsecurity.com/2011/11/apple-took-3-years-to-fix-finfisher-trojan-hole/') ...

Also, I think his comparison to jailbreaks is apt. Essentially whenever a jailbreak is released, the jailbreakers publish privilege escalation bugs and a nice demo on how to exploit them.

Finally, one should keep in mind that he could just as well have sold the exploit on the black market for a fat check instead of just publishing it and then getting called "complete jerk" as a reward ...
Score: 7 Votes (Like | Disagree)
bradl Avatar
bradl
126 months ago
Front page news, surely?

Seems that it is now a race between Apple and malware writers make use of this information.
Again, this isn't of much use unless the attacker has physical or network access to your Mac. That isn't to say that this isn't any less of a vulnerability than those they've fixed, but this one also isn't something that someone can target a Mac with remotely, and instantly have root access.

tl;dr: a lot of variables have to fall into place at the right time for this to have any major impact to a single machine.

BL.
Score: 6 Votes (Like | Disagree)
bradl Avatar
bradl
126 months ago
I read somewhere that he only gave Apple a few hour's notice before releasing it. He's a scumbag. And I have to say that the writer of this article is sort of a scumbag if that screenshot is the code for the vulnerability (If this is true, sorry Juli).
close.. the screenshot is of the code being compiled by a non-root user and executed by the non-root user, showing how the privileges are escalated to become root.

Doesn't take away the fact that the guy was an idiot for releasing this the way he did.

Funnily enough, @i0n1c has a patch that can be applied to this.

BL.
Score: 6 Votes (Like | Disagree)
mijail Avatar
mijail
126 months ago
That may be true, but developers have a set of ethics (s)he should abide by.
If you want to assign developers ethics, then I guess you should start by mentioning the OS developers' ethics (meaning, Apple's). Apple:

* doesn't offer bug bounties
* sometimes doesn't even react to the bug reports
* when there's a reaction it uses to take months or more (and still some people praise them!?)
* doesn't always acknowledge the bug reporter
* doesn't EVEN make it easy to report and track bugs

So, again, what developer ethics are you talking about?
Score: 5 Votes (Like | Disagree)
gmanist1000 Avatar
gmanist1000
126 months ago
Note that this won't be patched AT ALL until AFTER El Capitan is released most likely.

10.10.5 is the final main update to Yosemite from what I heard via Apple Developer Support. They are soley focused on El Capitan from here on out.

That may change though (because this is Apple under Tim Cook. Anything can happen) Apple might still patch this via supplemental update.
They can easily just patch it with a security update, no need for 10.10.6 or anything like that.
Score: 4 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone 17 Pro 34ths Perspective

iPhone 17 Pro Launching Later This Year With These 10 New Features

Sunday March 23, 2025 10:00 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article240 comments
macbook pro blue green

When Will Apple Release the M5 MacBook Pro?

Wednesday March 26, 2025 4:53 pm PDT by
Apple regularly refreshes the MacBook Pro models, and a new version that uses M5 series chips is in the works. Apple just finished refreshing most of the Mac lineup with M4 chips, and now it's time for the M5. Rumors suggest that we could see the first M5 MacBook Pro models this fall. Design There have been no rumors of a design update for the M5 MacBook Pro models that are coming this...
Read Full Article117 comments
Apple Lumon Terminal Pro

Apple's Mac Site Features Fictional 'Lumon Terminal Pro'

Wednesday March 26, 2025 12:19 pm PDT by
Apple is going all out with promotions for the popular Severance Apple TV+ show today, and as of right now, you'll find a new "Lumon Terminal Pro" listed on Apple's Mac site. The Lumon Terminal Pro is designed to look similar to the machines that Severance employees like Mark S. and Helly R. use for macrodata refinement. The Terminal features a blue keyboard, a small display with wide...
Read Full Article107 comments
Facebook Feature

Facebook's New iPhone App Feature Turns the Clock Back to 2007

Thursday March 27, 2025 1:59 pm PDT by
In the mid-to-late 2000s, Facebook was all about staying connected with friends and family. However, as the social media platform added new features and grew over time, that core experience began to get drowned out. That changes starting now, according to Meta, which today introduced a new feature that will "bring back the joy" of classic Facebook. Specifically, Meta has redesigned the...
Read Full Article111 comments
Generic iOS 18

iOS 18.4 Coming Soon With These New Features for Your iPhone

Tuesday March 25, 2025 6:45 am PDT by
Apple is expected to release iOS 18.4 to the general public as soon as next week, following more than a month of beta testing. Apple's website says some iOS 18.4 features will be released in "early April," so the update should be out as early as Tuesday, April 1. Apple this week seeded the iOS 18.4 Release Candidate, which is typically the final beta version, barring the discovery of any...
Read Full Article14 comments
iPhone 17 Pro 34ths Perspective

iPhone 17 Pro Supports 8K Video Recording, Suggests Leaker [Updated]

Wednesday March 26, 2025 4:06 am PDT by
Update 7:25 pm: Based on comments from our forums, it appears the original Weibo post may have been mistranslated and "8K" actually refers to the high price of the device rather than 8K video recording capabilities. The iPhone 16 Pro currently starts at 7,999 yuan in China. Our original article follows below. Apple's forthcoming iPhone 17 Pro models are capable of shooting 8K video, up...
Read Full Article94 comments
iOS 18

iOS 18.4 Expected Next Week - Here Are the Release Notes

Friday March 28, 2025 2:01 pm PDT by
With the second release candidate of iOS 18.4 that Apple seeded out today, the company finally provided us with release notes that give a full rundown on what to expect. There's an Apple Vision Pro app, new Apple Intelligence features for notifications and additional language support, plus an Apple News Food feature for Apple News+ subscribers, and several updates that should improve the...
Read Full Article37 comments
iOS 18 4 Ambient Music Control Center

How to Use iOS 18.4's New Ambient Music Feature in Control Center

Thursday March 27, 2025 7:45 am PDT by
The upcoming iOS 18.4 update for the iPhone adds an Ambient Music feature to Control Center. Below, we take a closer look at how it works. iOS 18.4 is currently in beta, so the Ambient Music feature is not widely available yet. The update will likely be released to the general public next week. To use the feature on iOS 18.4, open Control Center and tap on the plus sign in the top-left...
Read Full Article42 comments
Foldable iPhone 2023 Feature 1

'iPhone Fold' to Feature Metallic Glass Hinge That Resists Deformation

Thursday March 27, 2025 4:21 am PDT by
Last week, we covered a report claiming that Apple's book-style foldable iPhone (or "iPhone Fold," as we are provisionally calling it here) will use liquid metal hinges to improve durability and help minimize screen creasing. Today, a Chinese leaker provided more details on the properties of this hinge material that help to clarify why Apple chose it for its first foldable device. According...
Read Full Article111 comments