Unpatched macOS Vulnerability Allows Full Control of the System

A security researcher specializing in Apple’s operating system has found an unpatched vulnerability in macOS which hackers can exploit to gain full access to the system.

The exploit details and the proof-of-concept (PoC) code were revealed to the public yesterday by an expert who uses the online moniker Siguza (s1guza).

A hacker who has access to a system can leverage the flaw, described as a “zero day,” in order to execute arbitrary code and obtain root permissions.

The local privilege escalation (LPE) vulnerability affects IOHIDFamily – a kernel extension created for human interface devices (HID) like a touchscreen or buttons.

Siguza was trying to find flaws that would let him hack the iOS kernel when he discovered that some components of this extension, like IOHIDSystem, exist on macOS only, which led him to identify a potentially serious security flaw.

The bugs that Siguza found affect all versions of macOS and can lead to an arbitrary read/write vulnerability in the kernel. The exploit developed by the hacker also disables the System Integrity Protection (SIP) and Apple Mobile File Integrity (AMFI) security features.

Nevertheless, the researcher noted that his exploit, called IOHIDeous, is not stealthy because it needs to force a logout of the logged-in user. At the same time, a hacker could create an exploit which is triggered when the targeted device is rebooted or shut down manually.

Some of the PoC code that Siguza created works only on macOS High Sierra 10.13.1 and earlier. However, the expert thinks that the exploit can be tweaked to work on the 10.13.2 version, which Apple released on December 6, 2017.

According to Siguza, the flaw probably appeared in 2002; however, some clues suggest that it could actually be a decade older than that.

The expert also added that he would have reported his findings to Apple instead of revealing them to the public if the vulnerability had been remotely exploitable or if the bug bounty program of the company covered macOS.

Nelly Vladimirova
Nelly Vladimirova has been working as a journalist since 1998 with a main focus on Finance, Economics, and IT. In 2004 she graduated from the University of Plovdiv, Bulgaria, as a Bachelor in English Philology and Master in Linguistics and Translation. Later, Nelly received a postgraduate certificate in Business Management from Scott's College, UK. Presently, she is presenting the latest news related to computer security at www.virusguides.com.
