Zero Day Mac OS Kernel Flaw


The vulnerability has been around for over 15 years, according the researcher who discovered it.

A security researcher who goes by the handle Siguza claims to have disclosed an unpatched zero-day vulnerability in the Mac OS kernel that allows an attacker to take complete control over the system.

The Hacker News reported the discovery, "The bug is a serious local privilege escalation (LPE) vulnerability that could enable an unprivileged user (attacker) to gain root access on the targeted system and execute malicious code. Malware designed to exploit this flaw could fully install itself deep within the system.”

Siguza has detailed the vulnerability in a write-up that was published on GitHub, “This is the tale of a Mac OS-only vulnerability in IOHIDFamily that yields kernel r/w and can be exploited by any unprivileged user."

Sigzua tweeted about it on 31 December, 2017. When asked by other Twitter users why he/she didn’t sell it to government or a blackhat, Sigzua responded, "My primary goal was to get the write-up out for people to read. I wouldn't sell to blackhats because I don't want to help their cause. I would've submitted it to Apple if their bug bounty included Mac OS, or if the vuln was remotely exploitable. Since neither of those is the case, I figured I'd just end 2017 with a bang because why not. But if I wanted to watch the world burn, I would be writing 0day ransomware rather than write-ups ;)"

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=