macOS Exploit Published on the Last Day of 2017 (update probably not coming in the next days)


LASER_oneXM

#1


On the last day of 2017, a security researcher going online by the pseudonym of Siguza published details about a macOS vulnerability affecting all Mac operating system versions released since 2002, and possibly earlier.

Siguza did not notify Apple in advance, so at the time of writing, there is no fix for this flaw.

Despite the doom and gloom, the vulnerability is only a local privilege escalation (LPE) flaw that can only be exploited with local access to a computer or after an attacker has already got a foothold on a machine. The vulnerability grants root access to an attacker.

Vulnerability affects IOHIDFamily macOS kernel driver

The issue affects the IOHIDFamily macOS kernel driver, a component that handles various types of user interactions.

Siguza said he read about various flaws in this component and took a look at it to find new ways to compromise iOS, Apple's mobile operating system, where IOHIDFamily is also deployed. The expert says he found the LPE flaw in the IOHIDFamily code specific to macOS versions only.

Update probably not coming

Bleeping Computer has reached out to Apple for comment on the vulnerability. Taking into account the holiday season, Apple will most likely not release an update in the following days.


In addition, LPE flaws are not considered critical, and it's likely that Apple won't release an emergency update to fix the issue, but address it as part of its next monthly security update train.
 

Opcode

#3
Do you know a way to patch or protect?
The vulnerability which is exploited resides in kernel-mode software, a critical component for the OS X environment. Disabling it ruins functionality/prevents the system from working depending on how critical the device driver is, and it running without a patch for the vulnerability leaves it vulnerable. You can wait for Apple to patch it, which will be soon I suspect, even if it's alleged it won't be.

The best thing you can do is to be careful with what you put on your system, and then you'll be fine. The vulnerability can't be exploited if there's nothing running which is malicious and has the ability to exploit it. However, the attack vector is likely low because OS X attacks are a lot fewer than with operating systems like Windows, simply because OS X enforces privileges/rights differently and it tends to be easier to attack Windows, which means more likelihood for an attacker to make money.

If it's a critical vulnerability then it'll be fixed, but honestly even if it wasn't patched for the next year I doubt it'd be exploited much in malware because the OS X market for malware is quite bland as it is already. It'll probably be fixed within a week or two, which isn't that bad.
 