Just days after Apple patched the DYLD_PRINT_TO_FILE security hole with the release of OS X 10.10.5, a developer has found a similar unpatched exploit that could allow attackers to gain root-level access to a Mac.

Luca Todesco shared information (via AppleInsider) on the "tpwn" exploit on GitHub over the weekend. It affects all versions of OS X Yosemite, including OS X 10.10.5, but does not affect OS X El Capitan.

tpwnvulnerability
Todesco did not give Apple a heads up on the vulnerability before sharing it publicly, so it is not clear when Apple will release a patch for machines running OS X Yosemite. As noted by AppleInsider, it is standard procedure (and a courtesy) for security researchers and developers to provide Apple with details on vulnerabilities before publicizing them to prevent hackers from using security holes for nefarious purposes.

According to Todesco, who has also shared what he says is a third-party fix, releasing details on the exploit is no different than releasing an iOS jailbreak, but as Engadget explains, Todesco's actions have the potential to be somewhat more harmful than a jailbreak.

Those are technically true, but they downplay the practical dangers of publishing this info. Many people aren't knowledgeable enough to try third-party safeguards or deal with the possible side effects, and jailbreaks are at least intended for semi-innocuous purposes. A 'surprise' exploit for the Mac only really serves to give attackers time that they wouldn't otherwise have.

It took Apple less than a month to release OS X 10.10.5 to fix the DYLD_PRINT_TO_ACCESS vulnerability after it was first publicized, but during the time between its discovery and the launch of the fix, an exploit using the vulnerability was discovered in the wild.

Ahead of a fix for this latest vulnerability, OS X Yosemite users can protect themselves by downloading apps solely from the Mac App Store and from trusted developers.

Top Rated Comments

pepan Avatar
pepan
136 months ago
I read somewhere that he only gave Apple a few hour's notice before releasing it. He's a scumbag. And I have to say that the writer of this article is sort of a scumbag if that screenshot is the code for the vulnerability (If this is true, sorry Juli).
The screenshot is just a proof that compiling some code and running it works. However, not giving a company any chance to release a fix is something only a complete jerk would do.
Score: 10 Votes (Like | Disagree)
Rigby Avatar
Rigby
136 months ago
The screenshot is just a proof that compiling some code and running it works. However, not giving a company any chance to release a fix is something only a complete jerk would do.
Perhaps he had good reasons for doing this. For example, he might have evidence that the bug is already being exploited. If true, people can immdiately use the third-party fix he pointed to rather than waiting around for Apple to fix it. After all, they sometimes takes their sweet time ('http://krebsonsecurity.com/2011/11/apple-took-3-years-to-fix-finfisher-trojan-hole/') ...

Also, I think his comparison to jailbreaks is apt. Essentially whenever a jailbreak is released, the jailbreakers publish privilege escalation bugs and a nice demo on how to exploit them.

Finally, one should keep in mind that he could just as well have sold the exploit on the black market for a fat check instead of just publishing it and then getting called "complete jerk" as a reward ...
Score: 7 Votes (Like | Disagree)
bradl Avatar
bradl
136 months ago
Front page news, surely?

Seems that it is now a race between Apple and malware writers make use of this information.
Again, this isn't of much use unless the attacker has physical or network access to your Mac. That isn't to say that this isn't any less of a vulnerability than those they've fixed, but this one also isn't something that someone can target a Mac with remotely, and instantly have root access.

tl;dr: a lot of variables have to fall into place at the right time for this to have any major impact to a single machine.

BL.
Score: 6 Votes (Like | Disagree)
bradl Avatar
bradl
136 months ago
I read somewhere that he only gave Apple a few hour's notice before releasing it. He's a scumbag. And I have to say that the writer of this article is sort of a scumbag if that screenshot is the code for the vulnerability (If this is true, sorry Juli).
close.. the screenshot is of the code being compiled by a non-root user and executed by the non-root user, showing how the privileges are escalated to become root.

Doesn't take away the fact that the guy was an idiot for releasing this the way he did.

Funnily enough, @i0n1c has a patch that can be applied to this.

BL.
Score: 6 Votes (Like | Disagree)
mijail Avatar
mijail
135 months ago
That may be true, but developers have a set of ethics (s)he should abide by.
If you want to assign developers ethics, then I guess you should start by mentioning the OS developers' ethics (meaning, Apple's). Apple:

* doesn't offer bug bounties
* sometimes doesn't even react to the bug reports
* when there's a reaction it uses to take months or more (and still some people praise them!?)
* doesn't always acknowledge the bug reporter
* doesn't EVEN make it easy to report and track bugs

So, again, what developer ethics are you talking about?
Score: 5 Votes (Like | Disagree)
gmanist1000 Avatar
gmanist1000
136 months ago
Note that this won't be patched AT ALL until AFTER El Capitan is released most likely.

10.10.5 is the final main update to Yosemite from what I heard via Apple Developer Support. They are soley focused on El Capitan from here on out.

That may change though (because this is Apple under Tim Cook. Anything can happen) Apple might still patch this via supplemental update.
They can easily just patch it with a security update, no need for 10.10.6 or anything like that.
Score: 4 Votes (Like | Disagree)
Read All Comments

Popular Stories

iphone 17 models

No iPhone 18 Launch This Year, Reports Suggest

Thursday January 1, 2026 8:43 am PST by
Apple is not expected to release a standard iPhone 18 model this year, according to a growing number of reports that suggest the company is planning a significant change to its long-standing annual iPhone launch cycle. Despite the immense success of the iPhone 17 in 2025, the iPhone 18 is not expected to arrive until the spring of 2027, leaving the iPhone 17 in the lineup as the latest...
Read Full Article87 comments
apple intelligence black

Report: Apple's AI Strategy Could Finally Pay Off in 2026

Tuesday December 30, 2025 9:01 am PST by
Apple's restrained artificial intelligence strategy may pay off in 2026 amid the arrival of a revamped Siri and concerns around the AI market "bubble" bursting, The Information argues. The speculative report notes that Apple has taken a restrained approach with AI innovations compared with peers such as OpenAI, Google, and Meta, which are investing hundreds of billions of dollars in data...
Read Full Article192 comments
apple fitness 2026 1

Apple Teases 'Something Big' Coming Soon to Apple Fitness+

Tuesday December 30, 2025 2:11 pm PST by
The Apple Fitness+ Instagram account today teased that the service has "big plans" for 2026. In a video, several Apple Fitness+ trainers are shown holding up newspapers with headlines related to Apple Fitness+. What's Apple Fitness+ Planning for the New Year? Something Big is Coming to Apple Fitness+ The Countdown Begins. Apple Fitness+ 2026 is Almost Here 2026 Plans Still Under ...
Read Full Article119 comments
iphone 17 pro dark blue 1

iPhone 17 Pro and Pro Max Users Report Static Speaker Noise While Charging

Tuesday December 30, 2025 10:39 am PST by
iPhone 17 Pro and Pro Max owners are having trouble with the speakers of their devices, and have complained about a static or hissing noise that occurs when the iPhone is charging. There are multiple discussions about the issue on Reddit, the MacRumors forums, and Apple's Support Community, where affected users say there is a noticeable static noise "like an old radio." Some people report...
Read Full Article153 comments
maxresdefault

Hands-On With a Rough iPhone Fold Mockup

Monday December 29, 2025 10:55 am PST by
Apple is rumored to be introducing a foldable iPhone in September 2026, and since it will bring the biggest form factor change since the iPhone was introduced in 2007, curiosity about the design is high. A 3D designer created an iPhone Fold design based on rumors, and we printed it out to see how it compares to Apple's current iPhones. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article145 comments
maxresdefault

Where's the New Apple TV?

Monday December 22, 2025 11:30 am PST by
Apple hasn't updated the Apple TV 4K since 2022, and 2025 was supposed to be the year that we got a refresh. There were rumors suggesting Apple would release the new Apple TV before the end of 2025, but it looks like that's not going to happen now. Subscribe to the MacRumors YouTube channel for more videos. Bloomberg's Mark Gurman said several times across 2024 and 2025 that Apple would...
Read Full Article187 comments
Mac Pro Feature Blue

What's Happening With the Mac Pro?

Wednesday December 31, 2025 9:59 am PST by
Apple hasn't updated the Mac Pro since 2023, and according to recent rumors, there's no update coming in the near future. In fact, Apple might be finished with the Mac Pro. Bloomberg recently said that the Mac Pro is "on the back burner" and has been "largely written off" by Apple. Apple apparently views the more compact Mac Studio as the ideal high-end pro-level desktop, and it has almost...
Read Full Article227 comments
macbook air march 2020

Apple Says Final Intel MacBook Air and Apple Watch Series 5 Now 'Vintage'

Wednesday December 31, 2025 8:39 am PST by
Apple today added the final 13-inch MacBook Air powered by Intel processors, the Apple Watch Series 5, and additional products to its vintage products list. The iPhone 11 Pro was also added to the list after the iPhone 11 Pro Max was added back in September. The full list of products added to Apple's vintage and obsolete list today: MacBook Air (Retina, 13-inch, 2020) iPhone 8 Plus 128GB ...
Read Full Article76 comments