MacOS Kernel Flaw Could Allow Full-System Compromise

A researcher going by the name “Siguza” unveiled a 15-year-old security vulnerability in Apple’s macOS operating system that could allow an attacker to fully compromise the system. The researcher also published proof-of-concept zero-day code to his GitHub page.

IOHIDeous

The researcher named the flaw “IOHIDeous” after the IOHIDFamily kernel extension in which it lives; the bug can be exploited by an unprivileged user. According to him, this kernel extension has been the source of many macOS security bugs in the past.

Siguza said he was looking for a “low-hanging fruit” bug in the iOS operating system, which shares the kernel with macOS. However, what he found is that some parts of IOHIDFamily exist exclusively for macOS. More specifically, it was the IOHIDSystem in which he found the flaw.

Impact

Attackers exploiting this flaw would first need physical access to the user’s machine or some other way of getting onto it. Once they are on the machine, this flaw lets them gain root privileges, which means full control of the system.

Normally, the attack works by logging the user out first, an action that could raise alarm bells for the user. However, this could easily be hidden by waiting for the user to log out or restart the machine on their own. That is when the attacker is able to obtain root privileges.

Patch May Not Come Quickly

Siguza didn’t contact Apple about the bug ahead of time, and he published it on the last day of 2017, which means it will take some time for Apple’s security team to investigate the issue and release a patch.

The researcher released a proof-of-concept and more details about how someone could exploit the flaw and take over macOS machines. The proof-of-concept code specifically targets macOS High Sierra to show that the latest kernel protections don't stop it. The code should help Apple develop a fix faster, but at the same time it also makes it easier for attackers to incorporate the flaw into their exploit tools.

Comment from the forums
  • therealduckofdeath
    A rootkit as old as macos. Why aren't we surprised any more? Toy software for toy computers.
  • therealduckofdeath
    *A rootkit as old as macos x. Why aren't we surprised any more? Toy software for toy computers.
    (I wonder why Tom's refuses to fix this annoying transferring between .co.uk and .com, that just breaks everything and constantly sends you to redirection error pages)
  • bigpinkdragon286
    Anonymous said:
    *A rootkit as old as macos x. Why aren't we surprised any more? Toy software for toy computers.
    (I wonder why Tom's refuses to fix this annoying transferring between .co.uk and .com, that just breaks everything and constantly sends you to redirection error pages)
    I could don the tinfoil hat and suspect it's likely Perch that doesn't care to pay for the fix. All of the bugs in the website seem to essentially cause users to reload the website, which, in turn, causes the website to throw all the advertisements at a user's machine anew. So, if all of the flaws on Tom's website were corrected, I suspect revenue would go down, even if only slightly. That isn't likely to motivate management to fix things they don't have to deal with personally on a daily basis.

    In response to the article, it makes the talk of a Windows PC being less secure than an Apple PC sound like nothing more than a bunch of ignorance.

    Hopefully folks remember, or at least learn, that the reason OS 9 was replaced by a bought-and-paid-for OS (which Apple essentially customized) was because Apple can't write good, long-term software solutions. It seems the more Apple tinkers with the product they bought, the more problems the users end up with. This has been an ongoing problem for the company. How many people remember that Apple paid Microsoft to write some of their original software? Look how badly Apple software products perform on a Windows PC. The company has some pretty serious issues when it comes to making fast, stable, secure, long-term software solutions.