• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • February 27th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Apple News

15-year-old Unpatched Root Access Bug found in Apple’s macOS

January 2nd, 2018 Waqas Security, Apple News 0 comments
15-year-old Unpatched Root Access Bug found in Apple’s macOS
Share on FacebookShare on Twitter

An IT security researcher has leaked details on an unpatched Apple’s macOS bug which lets attackers gain root access and take complete control of a targeted device.

After a disastrous 2017, where Apple faced all sorts of security-related issues and complaints, the company is in trouble again right from the first day of the New Year! On the very first day of 2018 (or the last day of 2017, depending on your location and region), a security researcher having immense expertise in hacking Apple’s iOS has posted details of an unpatched security flaw present in macOS operating system.

“One tiny, ugly bug. Fifteen years. Full system compromise” wrote the researcher, who uses the alias Siguza (s1guza).

The researcher stated that the flaw can be exploited by cyber-crooks to gain full control of the computer. The unpatched zero-day vulnerability is claimed to be 15 years old. The researcher has also posted a proof-of-concept exploit code, which can be reviewed on GitHub.

Fuck it, dropping a macOS 0day. Happy New Year, everyone. https://t.co/oG2nOlUOjk

— Siguza (@s1guza) December 31, 2017

Siguza, who also calls himself Hobbyist Hacker, noted that this is a dangerous local privilege escalation (LPE) flaw, which allows anyone (even an unprivileged attacker) to obtain root access on the targeted computer so as to execute malicious code. This LPE flaw affects the kernel extension IOHIDFamily, which was designed for HID (human interface device) like touchscreen or buttons.

Furthermore, the malware that has been designed to exploit this 0-day vulnerability can install itself deep into the system and cybercriminals can target Apple’s critical security programs like the System Integrity Protection (SIP) and Apple Mobile File Integrity (AMFI).

In order to successfully carry out the exploitation of the system, cybercriminals need to get users logged out from the system, which is likely to alert most of the users. However, to evade detection, cybercriminals can attack when the system is shut down or restarted.

The flaw was discovered when Siguza was trying to identify flaws that would allow him to hack the iOS kernel. While doing so Siguze noticed that some of the extension’s components including the IOHIDSystem existed solely on macOS. This discovery led to the identification of the critical zero-day vulnerability in the operating system. Siguza wrote in his post:

“Needs to be running on the host already (nothing remote), achieves full system compromise by itself, but logs you out in the process.”

“Can wait for logout though and is fast enough to run on shutdown/reboot until 10.13.1. On 10.13.2 it takes a fair bit longer (maybe half a minute) after logging out, so if your OS logs you out unexpectedly… maybe pull the plug?” explained Siguza.

People mad at me for dropping a 0day and making them vulnerable: what's your threat model?

If it's script kiddies, you're safe because it's just a LPE and nothing remote.
If it's people who can get remote code exec, what makes you think they don't have kernel r/w as well anyway?

— Siguza (@s1guza) January 1, 2018

The vulnerability is found only in macOS and not in other Apple products such as the iOS but it affects all versions of macOS. Although the flaw is not too serious and concerning it does show that Apple needs to enhance the security of its software. The proof-of-concept created by Siguza is applicable on macOS High Sierra 10.13.1 and earlier versions but he believes that the exploit can be tweaked to become effective on a new version of macOS 10.13.2 released on Dec 6.

Siguza further added that the reason why he publicly announced his findings instead of informing Apple secretly is that the flaw was not remotely exploitable and Apple’s bug bounty program also didn’t cover macOS. Apple, on the other hand, hasn’t responded to the news or released any statement in relation to the findings of Siguza. We will update the article when Apple responds.

  • Tags
  • Apple
  • Flaw
  • internet
  • iOS
  • Mac
  • macOS
  • security
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Teen girl facing up to 10 years for sending nude selfie
Next article Code for Satori malware posted on Pastebin
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Hackers using malicious Firefox extension to phish Gmail credentials

Hackers using malicious Firefox extension to phish Gmail credentials

Apple Glass may feature 3D Audio and Self-Cleaning in new patent

Apple Glass may feature 3D Audio and Self-Cleaning in new patent

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Microsoft release open-source CodeQL queries to hunt SolarWinds hacks
Microsoft

Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Hackers using malicious Firefox extension to phish Gmail credentials
Security

Hackers using malicious Firefox extension to phish Gmail credentials

Apple Glass may feature 3D Audio and Self-Cleaning in new patent
Technology News

Apple Glass may feature 3D Audio and Self-Cleaning in new patent

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us