Symantec has confirmed the existence of two new vulnerabilities (security holes in software) in the Mac OS X operating system, originally discovered by Italian researcher Luca Todesco. These vulnerabilities could allow an attacker to gain remote access to a computer and control it or plant malware. To be exploited, the vulnerabilities require the victim to voluntarily run an application.
The vulnerabilities affect OS X versions Mavericks 10.9.5 up to Yosemite 10.10.5. Luckily, there have been no reports of these being exploited in the wild so far. However, since there is no official patch from Apple, cybercriminals will certainly try to take advantage of these vulnerabilities.
Staying Protected
Until Apple issues a patch for the vulnerabilities, it is important for users to take extra steps to ensure their security:
- Use extra caution when receiving suspicious messages from unknown senders, especially ones containing an attachment or link.
- Exercise caution and only download and install new software from trusted sources such as Apple's App Store.
- Install any security updates to OS X as soon as they become available.