Apple MacOS Privilege Escalation Vulnerability

TACTICAL CYBER INTELLIGENCE REPORT

Actor Type: II
Serial: TR-18-003-001
Countries: IN, CN
Report Date: 20180102

Apple MacOS Privilege Escalation Vulnerability Allows Root Access

A security researcher has made public a vulnerability in Apple’s MacOS operating system which allows an attacker to take complete control of the system. The vulnerability was made public on 31 December 2017 by a researcher identified as “Siguza.”

Analysis:

The bug is a local privilege escalation (LPE) vulnerability. LPE vulnerabilities are bugs or design flaws in operating systems or applications which, once exploited, allow attackers to gain elevated access to resources or functionality that are normally protected from the user. This vulnerability in Apple’s MacOS allows an attacker to gain root access on the targeted system and execute malicious code.

The vulnerability resides in IOHIDFamily[1], a kernel extension that provides an interface for interacting with Human Interface Devices such as touchscreens, buttons and accelerometers. This vulnerability allows an attacker to install a root shell and execute commands with root privileges.

Siguza believes that this bug is 15 years old, per his statement: “One tiny, ugly bug. Fifteen years. Full system compromise”[2].

The complete details of the vulnerability can be found at: https://siguza.github.io/IOHIDeous/

The researcher has also released the source code and a description of the exploitation process, which can be found at: https://github.com/Siguza/IOHIDeous/

Impact:

The vulnerability, if exploited, will allow an attacker to install a root shell and execute arbitrary commands with root privileges. The attacker can thus install rootkits or keyloggers, and even encrypt the target’s data. Malware using this exploit can infiltrate deep into the target system and alter system files.

Mitigation and Prevention Measures:

Customers are advised to update their operating system to the latest version, which is currently 10.13.2. To check which version you are running, click the Apple icon at the top left of the screen. Also keep a lookout for the latest patches that Apple may release in the future.
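As an added example (not part of this report), a small POSIX shell check that compares the installed macOS version, as printed by `sw_vers -productVersion`, against the 10.13.2 release the report names as current. The comparison is numeric and component-wise, which avoids the string-ordering mistake where "10.9" sorts after "10.13". The function names and the `REQUIRED_VERSION` variable are this example's own.

```shell
#!/bin/sh
# Added example: compare a macOS version string against a required minimum.
# The baseline below is the version the report cites as current (an assumption
# of this example; adjust it when Apple ships a newer release).
REQUIRED_VERSION="10.13.2"

# version_ge CURRENT MINIMUM -> exit status 0 if CURRENT >= MINIMUM, else 1.
# Each version is padded with ".0.0" so that "10.14" compares as 10.14.0 and
# the three components are always present for `cut`.
version_ge() {
    vg_cur="$1.0.0"
    vg_min="$2.0.0"
    vg_i=1
    while [ "$vg_i" -le 3 ]; do
        vg_c=$(printf '%s' "$vg_cur" | cut -d. -f"$vg_i")
        vg_m=$(printf '%s' "$vg_min" | cut -d. -f"$vg_i")
        if [ "$vg_c" -gt "$vg_m" ]; then return 0; fi   # newer at this component
        if [ "$vg_c" -lt "$vg_m" ]; then return 1; fi   # older at this component
        vg_i=$((vg_i + 1))
    done
    return 0   # all three components equal
}

# check_macos_version VERSION -> prints "ok" when VERSION meets the baseline,
# otherwise "update-required".
check_macos_version() {
    if version_ge "$1" "$REQUIRED_VERSION"; then
        echo "ok"
    else
        echo "update-required"
    fi
}

# On a Mac, feed the live value:  check_macos_version "$(sw_vers -productVersion)"
# Constructed sample inputs used when the script is run directly:
if [ "${0##*/}" != "sh" ] && [ -z "$VERSION_CHECK_NO_DEMO" ]; then
    for v in 10.9.5 10.13.1 10.13.2 10.14; do
        printf '%-8s %s\n' "$v" "$(check_macos_version "$v")"
    done
fi
```

Running the script directly prints one verdict per constructed sample version; the functions can also be sourced into another script and called with the live `sw_vers` output.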

Contact the Wapack Labs for more information: 603-606-1246, or feedback@wapacklabs.com.

[1] http://iphonedevwiki.net/index.php/IOHIDFamily

[2] https://siguza.github.io/IOHIDeous/