
15-year-old macOS bug lets anyone gain root access

By James Walker, Jan 2, 2018, in Technology
A 15-year-old vulnerability in Apple's macOS has been detailed by a researcher. Published on the last day of 2017, it's the latest security problem to impact macOS. The issue allows an attacker to compromise a system, but they need physical access first.
After facing a string of embarrassing security incidents over the past year, Apple was forced to address another problem on New Year's Eve. A security researcher by the name of Siguza published a write-up that details "one tiny, ugly bug." Said to have been exploitable in Apple's Mac operating systems since 2002, the flaw could give attackers a way to infiltrate machines after they've been stolen.
After obtaining physical access to a Mac, a hacker would be able to exploit the vulnerability to escalate their privileges to root level. Once this is achieved, they'd be granted unfettered access to the rest of the Mac system. The additional permissions could be used to install malware, download a permanent backdoor or tamper with the real user's files.
According to Siguza, the exploit isn't particularly sophisticated and will complete very quickly on macOS versions up to 10.13.1. On 10.13.2, the privilege escalation is said to take up to half a minute to finish, giving the user a way to abort the operation.
Any logged-in users will be logged out immediately before the attack takes place, giving macOS 10.13.2 users an early warning. Any unexpected logouts could be taken as an opportunity to disconnect the power cord.
Siguza did not disclose the vulnerability to Apple before making it public. Because of this, there's currently no patch available. Writing on Twitter, Siguza justified his decision not to properly disclose his findings. He said Apple doesn't currently have a macOS bug bounty program. Because the flaw isn't remotely exploitable, it will be of little interest to web-based "script kiddies" and is only applicable in a few scenarios.
The risk of attack should be relatively low for most users but could be of concern to people who have to leave their Mac unattended. Apple has now been notified of the problem and is working to patch the latest security hole to be found in its Mac operating system. There's no indication yet of when it will be ready for release.