Developer Skips Reporting OS X Security Hole to Apple

And now, a new report has surfaced, which is only adding more thorns to Apple’s stiff security claims.

According to Todesco, the memory corruption can be used to circumvent kernel address space layout randomization, which acts as a defense technique for stopping exploit code from running.

The exploit works in 10.9.5 through to 10.10.5 versions of OS X. One good news for OS X lovers is that this exploit has been fixed in the upcoming El Capitan update. Typically, coders and researchers who discover security vulnerabilities in software will tell the companies involved before posting their findings – it’s a courtesy to make sure that those holes are patched before attackers can use them.

Fortunately for Apple, the bug doesn’t appear to be available in OS X El Capitan, which is scheduled for release later this fall.

He also developed a patch called NULLGuard, which he’s included in the GitHub material.

Apple officials could be not immediately reached for comment. Since he does not have a Mac developer certificate, he wrote that he can’t distribute an easy-to-install version of the patch.

We’ve contacted Apple and will update this post if we hear back.

Say a few years ago, when the topic of OS X versus Windows came up, the favorite argument that was used is that OS X is more secure than Windows as there are less cases of malware and viruses attacking the system.

This exploit was discovered just after the latest patch that Apple released last week to prevent attackers and miscreants from loading programs onto computers through remote access.