Keeping your Apple Mac Secure Ping!
If you want on or off the Mac Ping List, Freepmail me.
Posted on 08/18/2015 5:36:57 PM PDT by Swordmaker
tpwn is a vulnerability that affects OS X 10.9.5 Mavericks through OS X 10.10.5 Yosemite, but does not affect the currently-in-beta OS X 10.11 El Capitan. With tpwn, malicious code on your Mac could escalate its privileges—gain "root" access—and potentially exploit the system. The vulnerability was released without warning—also known as a 0day—and without prior disclosure to Apple. That means Apple learned about it pretty much when the rest of the world did.
tpwn is a privilege escalation exploit, which means, to use a bad analogy, it's like a thief that can't break into your house by itself. It needs help to get in. Once in, however, it can break open your safe and rummage around. The vulnerability was disclosed on GitHub, and Macworld followed up with the researcher to get the specifics:
The exploit uses two bugs to cause a memory corruption in OS X's kernel, he wrote via email.
The memory corruption condition can then be used to circumvent kernel address space layout randomization (kASLR), a defensive technique designed to thwart exploit code from running. The attacker then gains a root shell.
The exploit code works in OS X versions 10.9.5 through 10.10.5. It is fixed in OS X 10.11, the beta version of the next Apple OS nicknamed El Capitan.
Apple learned about the problem a couple of hours before the rest of the world so it will take the company some time to develop, test, and push out a patch for Mavericks and Yosemite.
It is, however, already patched in the beta versions of OS X El Capitan, likely due to other changes made for Apple's upcoming version of the Mac OS.
Worry is a strong word. There's no indication of attacks based on twpn "in the wild" and so the vast majority of people have very little to be concerned about at the moment. twpn would also need to be used in conjuncture with something else, like a social engineering attack that conned you into letting it onto your Mac, before it could do anything.
So, the usual advice applies: Don't download software from any source you don't absolutely trust. That means the Mac App Store, major vendors like Microsoft or Adobe, and trusted developers, and even then only from direct links. Also, don't give someone you don't absolutely trust unfettered access to your Mac.
Apple is also delivering new technologies with OS X El Capitan, including System Integrity Protection which limits what malware can do even if it escalates to root privileges.
As soon as Apple has a patch ready, we'll let you know!
If you want on or off the Mac Ping List, Freepmail me.
It can provide a measure of protection when downloading software from sites you're not familiar with.
But as always, be careful when downloading from untrusted sites!
Like all anti-virus software for OS X, it turns OFF GateKeeper to work so that IT can find the Trojans that may come in. I don't recommend using it. Most other Mac experts take the same approach to Mac anti-virus.
Apple's GateKeeper will recognize all known Trojans and their families of variants and warn the user before allowing them to download. It is a system level protection and operates without taking any system resources or making a hit on operations.
A/V is not a system level operator and needs the download to occur first and be loaded into some area of memory for scan, so on install, it de-activates GateKeeper to disable all such warnings. That is NOT a good thing.
Many of the other Mac Anti-Virus solutions are worse than the problems they are designed to prevent. . . adding performance hits that are unacceptable for little gain. As I said, they all turn off Apple's own native protections that are working quite well.
These are a MAJOR waste of space.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.