Apple Mac OS Zero-Day Flaw Disclosed

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Mac users welcomed to new year with zero-day vulnerability in MacOS that has been open for over a decade

Apple Mac users are being confronted with the news of a zero-day vulnerability that affects all versions of the MacOS operating system.

Indeed, the flaw has been sitting around undiscovered for 15 years until it was published earlier this week by a researcher calling himself Siguza.

The flaw is the latest vulnerability found in the Mac operating system. Last month it was discovered that OSX.Pirrit adware was exploiting AppleScript to spy on Apple Mac users.

apple-macbookpro-3

Root Access

The new flaw is dubbed IOHIDeous, in a detailed write up of the vulnerability published on GitHub.

“One tiny, ugly bug. Fifteen years. Full system compromise,” wrote Siguza.

Essentially, it seems that IOHIDeous is a local privilege escalation flaw that can be exploited only if an attacker has access to an Apple Mac — or previously compromised Mac.

However the flaw is serious (a zero-day flaw), as it would give an attacker root access to the machine.

Siguza said he had discovered the flaw after examining the IOHIDFamily looking for an iOS flaw, but he soon realised that some parts of the IOHIDFamily exist only on macOS, namely IOHIDSystem (which contains the flaw).

The flaw is only able to be exploited if a Mac user logs out, but Siguza warned that attackers could use a “sleeper program” that would trigger when a user logs off, reboots or shuts down the Mac.

He published proof-of-concept zero-day code on GitHub that shows how the macOS kernel exploit works.

Responsible Disclosure

Some will question why Siguza chose to not inform Apple of the flaw, or sell the exploit to either governments or black hats.

However, Siguza answered that in a Tweet, in which he explained that Apple’s bug bounty program does not include MacOS.

My primary goal was to get the write-up out for people to read,” he tweeted. “I wouldn’t sell to blackhats because I don’t wanna help their cause. I would’ve submitted to Apple if their bug bounty included macOS, or if the vuln was remotely exploitable.”

“Since neither of those were the case, I figured I’d just end 2017 with a bang because why not,” he added in a follow up tweet. “But if I wanted to watch the world burn, I would be writing 0day ransomware rather than write-ups ;)”

Apple Security

Apple’s security credentials have been dented in 2017 as more and more malware and vulnerabilities were discovered.

Last August for example Malwarebytes warned Apple Mac users that the days of their devices being relatively safe from malware were long over. It found that more Mac malware had been detected in Q2 2017 than in all of 2016.

In November Apple itself patched a serious root bug that could have allowed anyone to access a Mac system, but it turns out the problem could return when the official Apple fix was applied.

And in October a flaw was discovered that could have allowed anyone to gain access to encrypted hard disk volumes. That issue meant that when a user requested a password hint for certain encrypted volumes the operating system instead displayed the entire password.

Do you know all about security in 2017? Try our quiz!

Read also :