Apple Finally Responds to That 15-Year-Old macOS Bug Giving Attackers Root Access
A security researcher dumped a 15-year-old macOS bug on the new year's eve. He had called it a tiny, ugly bug that leads to full system compromise. The bug was a local privilege escalation vulnerability that affects all versions of the Apple's desktop operating system. It's been 3 days since the details of this bug were published online and Apple is yet to deliver a fix. The company, however, promises that it's working on the patch.
macOS LPE bug leads to full system compromise but needs physical access
After the security researcher who goes by the name Siguza on the internet published the bug online, they had added that Apple is aware of the flaw and is working on a fix. Since Siguza had called it a zero day security vulnerability, it was expected that the Cupertino tech giant would act fast to deliver a patch.
However, Siguza had noted at the time that it is not a remotely exploitable vulnerability, which was why he hadn't thought twice before publishing it online instead of contacting Apple directly. [Apple's not offering any bounties for macOS vulnerabilities was another major reason]
Any user on the machine -> full system compromise.
— Siguza (@s1guza) January 1, 2018
The iPhone maker has now given an update on what is happening and has promised to deliver the patch later in January. "Apple is committed to the security of our customers’ devices and data, and we plan to patch this issue in a software update later this month," the tech giant said in an emailed statement. The company has also advised users to avoid installing any software from out of the App Store in the meantime.
"Since exploiting the vulnerability requires a malicious app to be loaded on your Mac, we recommend downloading software only from trusted sources such as the Mac App Store."
The bug, as shared in our original post, affects IOHIDFamily and isn't remotely exploitable or sophisticated. It also requires the attacker to force a logout of an active session unless an attacker triggers it when the device is being booted or shut down - in which case users will notice a delay.
Even though it isn't stealthy or sophisticated, the macOS security bug does lead to full system compromise and attackers can obtain root privileges. It also disables Apple's System Integrity Protection (SIP) and Apple Mobile File Integrity (AMFI) security features. While the bug has been present since at least 2002 (researcher said it could be older), it is finally going to be fixed later this month. In the meantime, pay attention to Apple's advice and stick to trusted sources for downloading software.