MacOS Zero Day Kernel Flaw Allows Root Access
A security researcher made the macOS Zero Day Kernel flaw public on New Year’s Day
Apple received an unwelcome New Year’s gift in the form of a public disclosure of a years-old macOS zero-day kernel flaw. The flaw was revealed by a security researcher who goes by the alias Siguza. Per the researcher, the vulnerability is at least 15 years old. They released details on the flaw as well as a proof of concept (available on GitHub).
The flaw is a major local privilege escalation (LPE) vulnerability that could let an attacker gain root access to a system and execute malicious code. Malware designed to exploit a flaw like this could install itself deep within the system.
Siguza claims the code is 15 years old, but per The Hacker News, some clues indicate that this could be a decade older than that.
This LPE flaw lies in IOHIDFamily, a macOS kernel extension that handles human interface devices such as touchscreens or buttons. The flaw lets an attacker install a root shell or execute arbitrary code on the system.
“IOHIDFamily has been notorious in the past for the many race conditions it contained, which ultimately led to large parts of it being rewritten to make use of command gates, as well as large parts being locked down by means of entitlements… I was originally looking through its source in the hope of finding a low-hanging fruit that would let me compromise an iOS kernel, but what I didn’t know then is that some parts of IOHIDFamily exist only on macOS – specifically IOHIDSystem, which contains the vulnerability.”
The exploit shown by Siguza, cleverly named IOHIDeous, affects all versions of macOS. The exploit also disables System Integrity Protection and Apple Mobile File Integrity, two security features that both defend against malware.
The exploit can only occur when a user logs out or is forced to log out. Unfortunately, Apple’s bug bounty program doesn’t offer rewards for macOS bugs, so rather than report this zero-day directly to Apple, he just dumped it on Twitter. Like you do.