After facing a string of embarrassing security incidents over the past year, Apple was forced to address another problem on New Year’s Eve. A security researcher by the name of Siguza published a write-up that details “one tiny, ugly bug.” Said to have been exploitable in Apple’s Mac operating systems since 2002, the flaw could give attackers a way to infiltrate machines after they’ve been stolen.
My primary goal was to get the write-up out for people to read. I wouldn't sell to blackhats because I don't wanna help their cause. I would've submitted to Apple if their bug bounty included macOS, or if the vuln was remotely exploitable.
— Siguza (@s1guza) January 1, 2018
After obtaining physical access to a Mac, a hacker would be able to exploit the vulnerability to escalate their privileges to root level. Once this is achieved, they’d be granted unfettered access to the rest of the Mac system. The additional permissions could be used to install malware, download a permanent backdoor or tamper with the real user’s files.
According to Siguza, the exploit isn’t particularly sophisticated and will complete very quickly on macOS versions up to 10.13.1. On 10.13.2, the privilege escalation is said to take up to half a minute to finish, giving the user a way to abort the operation.
Any logged-in users will be logged out immediately before the attack takes place, giving macOS 10.13.2 users an early warning. Any unexpected logouts could be taken as an opportunity to disconnect the power cord.
People mad at me for dropping a 0day and making them vulnerable: what's your threat model?
If it's script kiddies, you're safe because it's just a LPE and nothing remote.
If it's people who can get remote code exec, what makes you think they don't have kernel r/w as well anyway?
— Siguza (@s1guza) January 1, 2018
Siguza did not disclose the vulnerability to Apple before making it public. Because of this, there’s currently no patch available. Writing on Twitter, Siguza justified his decision not to properly disclose his findings. He said Apple doesn’t currently have a macOS bug bounty program. Because the flaw isn’t remotely exploitable, it will be of little interest to web-based “script kiddies” and is only applicable in a few scenarios.
The risk of attack should be relatively low for most users but could be of concern to people who have to leave their Mac unattended. Apple has now been notified of the problem and is working to patch the latest security hole to be found in its Mac operating system. There’s no indication yet of when it will be ready for release.