New Mac exploit lets hackers take near-total control without detection
A cyber-security team has just discovered a dangerous new security exploit in Apple’s Mac OS X, leaving the operating system almost completely vulnerable to hackers.
Discovered by SentinelOne, the exploit exists in System Identity Protection (SIP), Apple’s kernel defense feature. It was first introduced in El Capitan, the latest version of Mac OS, and is responsible for preventing users from changing system files through a “rootless” system and keeps even administrator accounts from accessing specific files without first disabling SIP.
“Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection, Apple’s newest protection feature,” said SentinelOne in a blog post.
It seems that SIP can be attacked directly by a hacker to access a system all while evading detection from the operating system due to the difficulty of spotting the exploit once it’s implemented. Then, it can be used to escalate privileges and also to bypass system integrity. To make it even more perilous, they can further use SIP as a weapon to prevent the system from repairing itself.
“This vulnerability not only reveals a major security flaw in OS X, but also provides further evidence that exploits can be extremely stealthy, and at times, virtually impossible to detect.”
Apple has been notified of this zero-day exploit and a patch is on the way but it really is shockingly-worrying how even Apple’s Mac OS, known as a more secure and malware-free alternative to Windows, is vulnerable to an attack.