Developer reveals Mac security hole without telling Apple

Typically, coders and researchers who discover security vulnerabilities in software will tell the companies involved before posting their findings -- it's a courtesy to make sure that those holes are patched before attackers can use them. Don't tell that to developer Luca Todesco, though. He recently posted details of an OS X exploit, "tpwn," without even telling Apple, let alone waiting for a patch. The exploit lets intruders get root-level access to your Mac, even if it's running the recent 10.10.5 update. It's now a race between the Cupertino crew and malware writers who could make use of the discovery.

We've reached out to Apple to find out what it's doing in response to the flaw, and we'll let you know if it has something to share. However, Todesco isn't about to have a change of heart. He contends that an unofficial solution will protect you if you're not willing to wait, and that this isn't any different than publishing details of an iOS jailbreak (which takes advantage of security flaws to let you install unofficial software). Both points are technically true, but they downplay the practical dangers of publishing this info. Many people aren't knowledgeable enough to try third-party safeguards or deal with the possible side effects, and jailbreaks are at least intended for semi-innocuous purposes. A 'surprise' exploit for the Mac only really serves to give attackers time that they wouldn't otherwise have.

Update: We understand that the exploit should be fixed as of OS X El Capitan, and that Apple is in touch with Todesco. Also, this attack typically requires some user intervention, so you can reduce the chances of an attack by downloading from and visiting only those sites you trust.
