A critical flaw has been discovered in all the versions of Apple’s OS X, which gives the hackers total control of your Mac.
New Flaw Gives Hackers Total Control Of Any MAC
[dropcap]A[/dropcap] Very crucial vulnerability “zero-day” was recently discovered in all the versions of Apple’s OS X operating system, which allows the hackers to exploit the company’s newest protection feature, known as System Integrity Protection (SIP) and also steal sensitive data from the affected systems.
System Integrity Protection (SIP) is a new feature, recently designed by Apple to prevent malicious software from modifying the protected files and folders in your MAC. Essentially to protect the system from anyone who has root access, authorized or not and also protect the system from getting hijacked by the malicious code.
According to the researchers “The same exploit allows someone to escalate privileges and also to bypass system integrity. In this way, the same OS X security feature designed to protect users from malware can be used to achieve malware persistency.” For example “To exploit this vulnerability, an attacker must first compromise the target system. This could be accomplished via a spear phishing attack, or by exploiting the user’s browser”
Hackers could attack SIP directly, forgoing traditional methods, such as memory corruption, to access a system at the same time, which allows the hackers to execute the temporary code on the targeted machine, to perform remote code execution (RCE) or sandbox escapes. And Once the hacker successfully bypasses the System Integrity Protection (SIP), it has almost total control of any device running OS X.
Researchers say that “It is a logic-based vulnerability, extremely reliable and stable, and does not crash machines or processes. This kind of exploit could typically be used in highly targeted or state-sponsored attacks.”
The most problematic part is that it is very difficult to detect the vulnerability, somehow, if it happens then it will be very difficult or impossible task to remove the virus from your MAC.
Since this vulnerability does not only reveals a major security flaw in OS X, but also provides more evidence that exploits can be extremely stealthy, and sometimes virtually it is almost impossible to detect. However, Apple has been notified of the problem and fixes will be available soon.