PCWorld is reporting that a new zero-day vulnerability has been found in OS X, affecting versions from 10.9.5 through the recently released 10.10.5. The problem stems from how NULL pointers in programs are handled: a malicious program may use a special condition to bypass the default location to which NULL code is directed, allowing the program to bypass OS X’s security.
The Thunderstrike exploit affected a number of Mac systems with Thunderbolt ports, and gave an attacker with physical access to the system the ability to take over the system’s ROM with a maliciously crafted Thunderbolt device. This attack was outlined by security researcher Trammell Hudson and has been fixed in OS X 10.10.2, so for those who are concerned about their systems being vulnerable, this update should address the problem.
A long-standing but recently revealed security hole in the EFI boot ROM in OS X systems may allow attackers to take over Apple hardware that shipped with a Thunderbolt port.
In the upcoming Chaos Communication Congress in Germany, the attack, which was found by researcher Trammell Hudson, will allow a compromised Thunderbolt device to modify the ROM of a vulnerable Mac, which then could compromise the ROM
A relatively long-standing vulnerability in OS X has been uncovered by a Swedish hacker, Emil Kvarnhammar, who has dubbed it “rootpipe” after the so-far undisclosed method by which it can be used to take control of your Mac. In this vulnerability, a flaw allows a hacker to gain administrative access to a system without supplying a password, and then interact with your Mac as an administrator.