New OS X zero-day vulnerability allows hackers to steal sensitive data from Apple computers
A new zero-day vulnerability has been revealed in Apple’s OS X operating system that if exploited would allow hackers to steal sensitive data from Apple computers and servers.
Revealed by security firm SentinelOne on Friday, the vulnerability is described as a non-memory corruption bug that exists in every version of OS X and allows users to execute arbitrary code on any binary.
The vulnerability also gives bad actors the ability to bypass a key security feature in OS X El Capitan, the System Integrity Protection (SIP), a system designed to prevent malicious software from being installed, without kernel exploits.
To obtain access to a system to take advantage of the vulnerability, an attacker must first compromise a targeted system via a spear phishing attack, or by exploiting the user’s browser, and making it worse for system admins, it’s hard to detect due to it being a logic-based vulnerability that does not crash machines or processes when it is being used.
“This vulnerability not only reveals a major security flaw in OS X, but also provides further evidence that exploits can be extremely stealthy, and at times, virtually impossible to detect,” the company said.
“The nature of this particular exploit enables it to evade defenses by utilizing very reliable and stable techniques that traditional detection mechanisms, looking for more obvious warning signs, would miss.”
Rapid7, Inc. Senior Security Consultant Guillaume Ross explained to SiliconANGLE via email that the vulnerability could allow an attacker to obtain higher privileges.
“For systems administrators managing OS X servers used by multiple users through SSH or screen-sharing, or for shared OS X computers such as those found in schools, this vulnerability should be considered very dangerous, as legitimate users could attempt to use it to elevate privileges and take control of the system, or other users’ data,” he said.
“Privilege escalation/elevation bugs like this are often used as a second step – they come after an attack or where malware has taken control of the system to access more information or modify the system further. For this vulnerability to be exploited, something else must be leveraged in the first instance, such as, existing malware on the system or another vulnerability that can be exploited remotely, or legitimate access to the computer.
The news of the new zero-day follows a report in October that found 2015 had been the worst year in history for OS X malware.
Apple is reported to have been informed of the issue in January this year but so far has only issued a patch in updates for El Capitan 10.11.4 on March 21st.
Source | SiliconAngle