A zero-day exploit affecting all current Mac OS X versions has been detected by
a SentinelOne researcher. It enables hackers to circumvent Apple’s
newest protection feature, System Integrity Protection (SIP).
“Our researchers recently uncovered a major flaw which allows for local
privilege escalation and bypass of System Integrity Protection, Apple’s newest
protection feature,” said SentinelOne in a blog post.
The researcher, Pedro Vilaca, has
described the vulnerability as a non-memory corruption issue which allows attackers
to execute arbitrary code on any binary. It can bypass System Integrity
Protection (SIP), a key security feature of the latest version of OS X,
El Capitan, without kernel exploits.
SIP was introduced with OS X 10.11, El Capitan. Apple designed SIP to
prevent any user, even root, from modifying key system files. Once a
hacker bypasses SIP, they have near total control of any device running OS
X. The exploit could use SIP as a shield to prevent the system from
repairing itself, which Vilaca calls a “protection racket.”
“It is a logic-based
vulnerability, extremely reliable and stable, and does not crash machines or
processes,” SentinelOne explains. “This kind of exploit could
typically be used in highly targeted or state sponsored attacks.”
The flaw has been reported to Apple
and a patch is on the way.