1. Computing

Zero-day exploit can bypass rootless on Mac to modify the system without detection

By

14 problems mac os x 10 11 el capitan fix apple osx hero
A zero-day exploit affecting Mac OS X allows attackers to execute arbitrary code on any binary. That’s not good, and it gets worse. The exploit bypasses System Identity Protection (SIP, sometimes called rootless), and is almost impossible to trace once implemented. Apple has been notified and a patch is on the way.

“Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection, Apple’s newest protection feature,” wrote SentinelOne in a blog post announcing the discovery. A talk given by Pedro Vilaça at SyScan360, a security conference in downtown Singapore this week, outlined the exploit in detail.

The exploit is unique in that it doesn’t use memory corruption, an common attacker exploit. Instead, the attack exploits a longstanding vulnerability in OS X’s security schemes to gain near-total control over any Mac.

The even crazier thing, however, is that this exploit not only bypasses System Identity Protection but can actively use it to ensure changes made to the system aren’t repaired, something Vilaça calls a SIP “protection racket”.

SIP was introduced with OS X 10.11, El Capitan. It prevents users from changing core system files entirely, even if they enter a root password (hence the nickname “rootless”: there effectively is not a root user). Bypassing SIP and making changes means users cannot undo the changes without first disabling SIP.

Even worse, this exploit is hard to detect using traditional methods.

It all sounds awful, but happily there is no evidence of this exploit being used in the wild, and SentinelOne has informed Apple of the problems. Patches will be out soon.

Vilaça, for what it’s worth, is not blaming Apple.

“Designing security systems is hard,” Vilaça’s slides say at the end of the talk. “Move to defense and give it a try.”

You can read the presentation slides here. It’s a good overview, though a lot of the details seem to be mentioned on-stage and are not on the slides. Here’s hoping a longform version will come out soon.

Editors' Recommendations

4 simple ways to dramatically increase your MacBook’s security

The 13-inch MacBook Pro, viewed at an angle from the back.

The best Mac security tips: 7 mistakes you’re making, and how to fix them

apple macbook pro 13 review 2020 05

Hacker discovers a MacOS exploit that is able to access system passwords

Apple Mac Mini 2018

Apple’s latest feature ensures MacOS apps are safer than ever

macOS Mojave desktop

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

Best keyboard wrist rest in 2021

best keyboard wrist rests option rest logitech

How to kill the Hag in Back 4 Blood

The Hag in Back 4 Blood.

The best AIO coolers for your PC

Corsair H100i AIO installed on a CPU.

The best keyboards for 2021

The Razer Huntsman Quartz Edition Mechanical Gaming Keyboard next to a traditional keyboard.

Best Black Friday TV Deals 2021: What to Buy Today

best black friday tv deals bfcm2020 tvs 201027

Destiny 2: Where to find Xur for the weekend of October 22

destinys weekend vendor xur extends stay psnxbox live hacks destiny

The best smartwatches for 2021

apple watch se review apps screen

Walmart is having a flash sale on Nintendo Switch games today

A Nintendo Switch OLED and a 2019 Switch model side by side.