sincity Posted January 2, 2018 Posted January 2, 2018 Another hole has been found in macOS, with the flaw being revealed by a security researcher (or ‘hobbyist hacker’, as his Twitter profile notes) as the New Year rolled around – hardly the start to 2018 Apple would have wanted. The researcher who goes by the name of Siguza said that the zero-day flaw seems to have been present in Apple’s desktop operating system since as far back as 2002. It allows any user to gain full control of a Mac computer, but not remotely – an attacker will need physical access to the machine in question. In that case, they can use this local privilege escalation bug to get root permissions and execute arbitrary code, as Wccftech.com reports. Furthermore, the exploit isn’t very sophisticated or stealthy, and will log the user out. Siguza observed: “Needs to be running on the host already (nothing remote), achieves full system compromise by itself, but logs you out in the process. “Can wait for logout though and is fast enough to run on shutdown/reboot until [macOS] 10.13.1. On 10.13.2 it takes a fair bit longer (maybe half a minute) after logging out, so if your OS logs you out unexpectedly… maybe pull the plug?” Embarrassing episode Note that this vulnerability apparently affects all versions of macOS, and while it may not be particularly sophisticated, it’s still worrying. Particularly coming after the much-publicized login bug in High Sierra which emerged last November, although that was an entirely more embarrassing affair given how basic the security flaw was (you could log onto any Mac simply by using ‘root’ as the username, with nothing in the password field). Clearly, though, this is the last thing Apple needed to kick-off 2018 with. Even if it is a rather clunky exploit which requires physical access to the PC in question, it still allows for a full system compromise – and most worryingly it’s a bug which has apparently been present in Apple’s desktop OS for a decade and a half, or thereabouts. Apple is working on a patch right now, according to the report, so we should hopefully see that come through the pipeline pretty sharpish. A couple of Apple’s MacBooks make our list of best laptops Quote
Xernicus Posted January 2, 2018 Posted January 2, 2018 Funny enough, I've used scripts and kernel bypasses to gain access (locally) to Mac OS X systems attached to DC's for the past ten years. Let's see if it's patched. Quote
Chuckun Posted January 2, 2018 Posted January 2, 2018 Funny enough, I've used scripts and kernel bypasses to gain access (locally) to Mac OS X systems attached to DC's for the past ten years. Let's see if it's patched. I doubt it.. They have always said they are perfect and *most* Mac users believe anything Apple says - understandable when you're paying all that money I suppose, you'd like to think you could trust them to get security right at least. 1 Quote
cookiem0nster Posted January 2, 2018 Posted January 2, 2018 (edited) since they don't use ibm processors anymore users could swap OS real easy, but then they just have an extremely expensive pc Edited January 2, 2018 by cookiem0nster 3 Quote
Symfony Posted January 2, 2018 Posted January 2, 2018 best thing about Macs is that they last for a really long time. that being said from a development/non gaming perspective, the OS is also quite nice to use. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.