Jump to content

New macOS bug allows for full system compromise – if attacker has physical access


Recommended Posts

Posted

Another hole has been found in macOS, with the flaw being revealed by a security researcher (or ‘hobbyist hacker’, as his Twitter profile notes) as the New Year rolled around – hardly the start to 2018 Apple would have wanted.

The researcher who goes by the name of Siguza said that the zero-day flaw seems to have been present in Apple’s desktop operating system since as far back as 2002.

It allows any user to gain full control of a Mac computer, but not remotely – an attacker will need physical access to the machine in question. In that case, they can use this local privilege escalation bug to get root permissions and execute arbitrary code, as Wccftech.com reports.

Furthermore, the exploit isn’t very sophisticated or stealthy, and will log the user out. Siguza observed: “Needs to be running on the host already (nothing remote), achieves full system compromise by itself, but logs you out in the process.

“Can wait for logout though and is fast enough to run on shutdown/reboot until [macOS] 10.13.1. On 10.13.2 it takes a fair bit longer (maybe half a minute) after logging out, so if your OS logs you out unexpectedly… maybe pull the plug?”

Embarrassing episode

Note that this vulnerability apparently affects all versions of macOS, and while it may not be particularly sophisticated, it’s still worrying. Particularly coming after the much-publicized login bug in High Sierra which emerged last November, although that was an entirely more embarrassing affair given how basic the security flaw was (you could log onto any Mac simply by using ‘root’ as the username, with nothing in the password field).

Clearly, though, this is the last thing Apple needed to kick-off 2018 with. Even if it is a rather clunky exploit which requires physical access to the PC in question, it still allows for a full system compromise – and most worryingly it’s a bug which has apparently been present in Apple’s desktop OS for a decade and a half, or thereabouts.

Apple is working on a patch right now, according to the report, so we should hopefully see that come through the pipeline pretty sharpish.

  • A couple of Apple’s MacBooks make our list of best laptops
gNm67s1yMWk
Posted

Funny enough, I've used scripts and kernel bypasses to gain access (locally) to Mac OS X systems attached to DC's for the past ten years. Let's see if it's patched.

Posted

Funny enough, I've used scripts and kernel bypasses to gain access (locally) to Mac OS X systems attached to DC's for the past ten years. Let's see if it's patched.

I doubt it.. They have always said they are perfect and *most* Mac users believe anything Apple says - understandable when you're paying all that money I suppose, you'd like to think you could trust them to get security right at least.

  • Like 1
Posted (edited)

since they don't use ibm processors anymore users could swap OS real easy, but then they just have an extremely expensive pc :D

Edited by cookiem0nster
  • Like 3
Posted

best thing about Macs is that they last for a really long time. that being said from a development/non gaming perspective, the OS is also quite nice to use. 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.