tpwn OS X exploit: What you need to know

MacBook Pro in low light (Image credit: Rene Ritchie / iMore)

tpwn is a vulnerability that affects OS X 10.9.5 Mavericks through OS X 10.10.5 Yosemite, but does not affect the currently-in-beta OS X 10.11 El Capitan. With tpwn, malicious code on your Mac could escalate its privileges—gain "root" access—and potentially exploit the system. The vulnerability was released without warning—also known as a 0day—and without prior disclosure to Apple. That means Apple learned about it pretty much when the rest of the world did.
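The affected range above (10.9.5 through 10.10.5) is the first thing to check when triaging a Mac. The following is an added example, not code from the article or from the tpwn researcher: a small POSIX shell function that compares a dotted OS X version string against that window numerically rather than as text (so 10.10.x sorts after 10.9.x). It assumes major.minor.patch version strings and treats a missing component as 0; on a Mac it reads the live version from sw_vers.

```shell
# Added example (not from the iMore article): decide whether a given OS X
# version string falls in the range the article names as affected by tpwn,
# 10.9.5 through 10.10.5. Assumes dotted major.minor.patch numbers; a
# missing component is treated as 0.

# Convert "10.10.5" into one sortable integer: major*1000000 + minor*1000 + patch.
version_key() {
  IFS=. read -r major minor patch <<EOF
$1
EOF
  echo $(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
}

# Print "yes" if the version is inside the affected window, "no" otherwise.
is_affected() {
  key=$(version_key "$1")
  low=$(version_key 10.9.5)
  high=$(version_key 10.10.5)
  if [ "$key" -ge "$low" ] && [ "$key" -le "$high" ]; then
    echo yes
  else
    echo no
  fi
}

# On a Mac, feed in the live version; elsewhere pass a string to test.
if command -v sw_vers >/dev/null 2>&1; then
  v=$(sw_vers -productVersion)
  echo "This Mac runs $v: affected=$(is_affected "$v")"
fi
```

A "no" here only means the kernel bugs tpwn chains are outside the stated range; it says nothing about other unpatched issues, so it is a triage aid, not a clean bill of health.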

What does tpwn do?

tpwn is a privilege escalation exploit, which means, to use a bad analogy, it's like a thief that can't break into your house by itself. It needs help to get in. Once in, however, it can break open your safe and rummage around. The vulnerability was disclosed on GitHub, and Macworld followed up with the researcher to get the specifics:

The exploit uses two bugs to cause a memory corruption in OS X's kernel, he wrote via email. The memory corruption condition can then be used to circumvent kernel address space layout randomization (kASLR), a defensive technique designed to thwart exploit code from running. The attacker then gains a root shell. The exploit code works in OS X versions 10.9.5 through 10.10.5. It is fixed in OS X 10.11, the beta version of the next Apple OS nicknamed El Capitan.

Has Apple patched the problem?

Apple learned about the problem a couple of hours before the rest of the world so it will take the company some time to develop, test, and push out a patch for Mavericks and Yosemite.

It is, however, already patched in the beta versions of OS X El Capitan, likely due to other changes made for Apple's upcoming version of the Mac OS.

Do I need to worry about tpwn?

Worry is a strong word. There's no indication of attacks based on tpwn "in the wild," so the vast majority of people have very little to be concerned about at the moment. tpwn would also need to be used in conjunction with something else, like a social engineering attack that conned you into letting it onto your Mac, before it could do anything.

So, the usual advice applies: Don't download software from any source you don't absolutely trust. That means the Mac App Store, major vendors like Microsoft or Adobe, and trusted developers, and even then only from direct links. Also, don't give someone you don't absolutely trust unfettered access to your Mac.

Apple is also delivering new technologies with OS X El Capitan, including System Integrity Protection, which limits what malware can do even if it escalates to root privileges.

As soon as Apple has a patch ready, we'll let you know!

Rene Ritchie
Contributor
