Italian security researcher Luca Todesco has published PoC exploit code for a newly discovered zero-day privilege escalation flaw affecting OS X Yosemite (v10.10) and Mavericks (v10.9).
Apple has pushed out updates for OS X Yosemite, OS X Server, iOS and Safari, fixing a bucketload of critical and less critical vulnerabilities.
Security researcher Benjamin Kunz Mejri from Vulnerability Lab has discovered a serious vulnerability in Apple's App Store and iTunes web apps, which can lead to "session hijacking, persistent phishing attacks, persistent redirect to external sources and persistent manipulation of affected or connected service module context." Luckily, the researcher decided to share his discovery with Apple first, so that the company could fix the issue.
Security researcher Stefan Esser has revealed the existence of a privilege escalation vulnerability affecting OS X 10.10 (Yosemite), and has provided a working proof of concept local exploit that installs a root shell on the target machine.
Starting with OS X 10.11 ("El Capitan") and iOS 9, Apple will introduce a two-factor authentication option that will replace the current two-step verification one.