Date: 2018-01-02
macOS Exploit Published on the Last Day of 2017 (bleepingcomputer.com)
An anonymous reader shares a report: On the last day of 2017, a security researcher going online by the pseudonym of Siguza published details about a macOS vulnerability affecting all Mac operating system versions released since 2002, and possibly earlier. Siguza did not notify Apple in advance, so at the time of writing, there is no fix for this flaw. Despite the doom and gloom, the vulnerability is only a local privilege escalation (LPE) flaw that can only be exploited with local access to a computer or after an attacker has already got a foothold on a machine. The vulnerability grants root access to an attacker. The issue affects the IOHIDFamily macOS kernel driver, a component that handles various types of user interactions. Siguza said he read about various flaws in this component and took a look at it to find new ways to compromise iOS, Apple's mobile operating system, where IOHIDFamily is also deployed. The expert says he found the LPE flaw in the IOHIDFamily code specific to macOS versions only. In a tweet, Siguza said, "My primary goal was to get the write-up out for people to read. I wouldn't sell to blackhats because I don't wanna help their cause. I would've submitted to Apple if their bug bounty included macOS, or if the vuln was remotely exploitable."
oh wait... Anyone who has physical access AIN root on any mac dating back to 2002 and it remains unpatched... Yeah definitely unimportant. Nothing to see here. Move along.
While it is true that Macs are long-lived, I would be very surprised to see many G3 Macs still kickin' it in any sort of a production environment, SEVENTEEN years later...
(Yes, I know it said "Starting with" 2002)...
Oh, it's "only a local privilege escalation". No worries then.
For the majority of use cases, that's pretty much it; you still have to convince someone to give you basic (local or remote) access to the box first.
Same story on *any* OS, come to think of it.
Or you could just log in as "root" no password required.
Exactly. That would work on exactly ONE (minor-revisions) of ONE Major Revision of macOS.
Go back to where you came from, Troll...
If you have a process running on macOS with ambient authority then in most cases a root exploit doesn't give you much - you can already access and modify everything that the user cares about. A vulnerability like this, however, can also be exploited by sandboxed applications (though hopefully not sandboxed daemons, which shouldn't have access to the HIDs).
Most Apple apps are now sandboxed, as are Microsoft Office and anything that is distributed via the App Store. I posted above that most people don't
It's worse than that. It's a local privilege escalation, already patched in macOS 13.0.2 via ROP and race conditions during logout/shutdown of the computer, it requires a LOT of luck and is very time sensitive for it to work, in my testing most of the time the thing will either fail or crash the kernel.
Selling 0-days, or just vulnerabilities in general, is quite easy. The buyers are very keen to buy and are not hard to find.
True, but as far as I can see Apple have never done that.
Ya they kinda do.
https://www.techdirt.com/articles/20111107/18193216671/find-vulnerability-apple-software-lose-your-license-as-apple-developer.shtml [techdirt.com]
They didn't SUE. They simply revoked his Developer Cert.
Which is EXACTLY what they SHOULD have done.
Charlie Miller is no fool. One would ASSUME he knows the rules. But instead, he thought he'd be snarky and submit an iOS App that he KNEW violated his Developer Agreement, and then, when the App got Approved, he LEFT IT UP FOR A MONTH, where ANYONE could have downloaded and "learned" from it.
Yeah, he deserved what he got; regardless of how "altruistic" his intentions were (which I believe they actually were).
There hasn't been a visionary in charge there since the early 90s.
What? Gil Amelio? Or John Sculley, Pepsi man???
https://en.wikipedia.org/wiki/... [wikipedia.org]
https://en.wikipedia.org/wiki/... [wikipedia.org].
Ohhhh Kaaaaayyyy...
Yeah, one of them was "visionary" enough to have Apple running in about 20 different directions at once (when it wasn't big enough to handle that!), and the other one nearly bankrupted the Company by licensing MacOS and Macintosh ROM code to Third Parties.
Yeah, visionaries...
Maybe he was referring to Michael Spindler? It would be just as comical...
He did manage to get PowerPC out the door, I guess.
You're right! I forgot ALL about him!!!
Without a visionary in charge, the company cuts corners and is losing major ground in 2018. If I owned Apple stock it'd be sold today.
The best thing that could happen to Apple (and to Apple users) is if Elon Musk took control of Apple without him losing any influence at Tesla or SpaceX.
These companies are a good fit, really. Tesla would have Apple product design power and Apple could benefit from someone clearly on Steve Jobs' visionary and operational level.
Something like this or similar: https://www.marketwatch.com/st... [marketwatch.com]
Stupid. Fucking. Hater. Die Hater, Die!!!
From TFS, this Vulnerability has likely been around since 2002. Steve Jobs didn't die until late 2011.
So, what in the FUCK does the loss of a "visionary" have to do with this Exploit?
Answer: Abso-lutely FUCKING NOTHING!!!
So, go Hate somewhere else, Moron! We're busy here...
Early on in Mac OS X's (as it was then) history, Apple released the very first version of Safari. At that point, thanks to the Jobs vision of "It just works" coupled with the way earlier Mac OSes had run, to install an application (including setting it up to open files of a particular type by default) you just needed to copy the application to your hard drive. Anywhere on the hard drive. It didn't matter where. The operating system would automatically set everything up.
The good news is that even on the absolute first version of OS X, if you wanted to do anything that was outside the user home folder, or even with the user's keychain, it would ask for your password.
I don't know about you, but if you go to a web site and then it starts asking for your system password, YOU DO NOT PUT IT IN.
You are correct that Safari auto-expanding compressed archives wasn't a good idea. However, the inherent security design that the actual engineers managed to persuade Jobs to keep in the
Without a visionary in charge, the company cuts corners and is losing major ground in 2018.
Apple is losing major ground, one business day into 2018? Better sell stocks stat!
Wait a second... are we returning to the days of "beleaguered" Apple? Do we get to pull that off the shelf again? It's been like 20 years since we've been able to use that...
