A security researcher specializing in Apple’s operating system has found an unpatched vulnerability in macOS which hackers can exploit to gain full access to the system.
The exploit details and the proof-of-concept (PoC) code were revealed to the public yesterday by an expert who uses the online moniker Siguza (s1guza).
An attacker who already has access to a system can leverage the flaw, described as a “zero day,” to execute arbitrary code and obtain root permissions.
The local privilege escalation (LPE) vulnerability affects IOHIDFamily – a kernel extension created for human interface devices (HID) like a touchscreen or buttons.
Siguza was looking for flaws that would let him compromise the iOS kernel when he noticed that some components of this extension, such as IOHIDSystem, exist only on macOS; this led him to identify a potentially serious security flaw.
The bugs Siguza found affect all versions of macOS and can lead to an arbitrary read/write primitive in the kernel. In addition, the exploit he developed disables the System Integrity Protection (SIP) and Apple Mobile File Integrity (AMFI) security features.
Nevertheless, the researcher noted that his exploit, called IOHIDeous, is not stealthy because it needs to force a logout of the logged-in user. He added, however, that an attacker could create an exploit that is triggered when the targeted device is rebooted or shut down manually.
Some of the PoC code Siguza created works only on macOS High Sierra 10.13.1 and earlier; however, the expert thinks the exploit can be tweaked to work on version 10.13.2, which Apple released on December 6, 2017.
According to Siguza, the flaw was probably introduced in 2002; however, some clues suggest it could actually be a decade older than that.
The expert also said he would have reported his findings to Apple instead of revealing them to the public if the vulnerability had been remotely exploitable or if the company’s bug bounty program covered macOS.