macOS Exploit Published on the Last Day of 2017 (bleepingcomputer.com)
An anonymous reader shares a report: On the last day of 2017, a security researcher going online by the pseudonym of Siguza published details about a macOS vulnerability affecting all Mac operating system versions released since 2002, and possibly earlier. Siguza did not notify Apple in advance, so at the time of writing, there is no fix for this flaw. Despite the doom and gloom, the vulnerability is only a local privilege escalation (LPE) flaw that can only be exploited with local access to a computer or after an attacker has already got a foothold on a machine. The vulnerability grants root access to an attacker. The issue affects the IOHIDFamily macOS kernel driver, a component that handles various types of user interactions. Siguza said he read about various flaws in this component and took a look at it to find new ways to compromise iOS, Apple's mobile operating system, where IOHIDFamily is also deployed. The expert says he found the LPE flaw in the IOHIDFamily code specific to macOS versions only. In a tweet, Siguza said, "My primary goal was to get the write-up out for people to read. I wouldn't sell to blackhats because I don't wanna help their cause. I would've submitted to Apple if their bug bounty included macOS, or if the vuln was remotely exploitable.
Oh, it's "only a local privilege escalation". No worries then.
I would never do this. Too many companies turn and sue when you bring it to their attention.
I would sell it on the dark web instead. Safer and more profitable.
There hasn't been a visionary in charge there since the early 90s.
The NSA collects every message it can so I expect China's government to do the same. Unless the US is more of a police state than China.
Without a visionary in charge, the company cuts corners and is losing major ground in 2018. If I owned Apple stock it'd be sold today.
The best thing that could happen to Apple (and to Apple users) is if Elon Musk took control of Apple without him losing any influence at Tesla or SpaceX.
These companies are a good fit, really. Tesla would have Apple product design power and Apple could benefit from someone clearly on Steve Jobs' visionary and operational level.
Something like this or similar: https://www.marketwatch.com/st...
Stupid. Fucking. Hater. Die Hater, Die!!!
From TFS, this Vulnerability has likely been around since 2002. Steve Jobs didn't die until late 2011.
So, what in the FUCK does the loss of a "visionary" have to do with this Exploit?
Answer: Abso-lutely FUCKING NOTHING!!!
So, go Hate somewhere else, Moron! We're busy here...
Early on in Mac OS X's (as it was then) history, Apple released the very first version of Safari. At that point, thanks to the Jobs vision of "It just works" coupled with the way earlier Mac OSes had run, to install an application (including setting it up to open files of a particular type by default) you just needed to copy the application to your hard drive. Anywhere on the hard drive. It didn't matter where. The operating system would automatically set everything up.
(And, to be fair, that's not a bad way to work, except...)
Well, Safari would also open and extract any ZIP or .SIT (a Mac specific archive format) file if you downloaded it. Automatically. It wouldn't ask you, it just assumed you wanted that. Because, remember, Steve Jobs, "It just works".
So to install an application on someone else's Mac, all you had to do was make your web page redirect to a ZIP file, containing the application. And if, say, you made that application open files with a common suffix, and you also send a file with that suffix, then the moment the curious user double clicked it, it'd launch your application.
It took months before everyone was able to persuade Apple this was a bad idea and a version of Safari was released that didn't automatically open Zip files.
Jobs had vision. But to infer from that he was security minded would be a mistake. He was interested in making computers easy to use, but security got in the way of that, and it took a long time before anyone inside or outside of Apple figured out how to make security easy to use as well.
You are not alone. This is not normal. None of this is normal.
What an ass!! What are you busy doing, sucking apples dong or polluting /. with pro-apple lies and propaganda?
There hasn't been a visionary in charge there since the early 90s.
What? Gil Amelio? Or John Sculley, Pepsi man???
https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/....
Ohhhh Kaaaaayyyy...
Yeah, one of them was "visionary" enough to have Apple running in about 20 different directions at once (when it wasn't big enough to handle that!), and the other one nearly bankrupted the Company by licensing MacOS and Macintosh ROM code to Third Parties.
Yeah, visionaries...
Without a visionary in charge, the company cuts corners and is losing major ground in 2018.
Apple is losing major ground, one business day in to 2018? Better sell stocks stat!
Wait a second... are we returning to the days of "beleaguered" Apple? Do we get to pull that off the shelf again? It's been like 20 years since we've been able to use that...
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
Reading the writeup I would say this guy really knows his Mac internals. Apple is getting better at security though: the last root exploit only required you to type "root" and no password. And the one before that required a single line of script to get root.
Maybe he was referring to Michael Spindler? It would be just as comical...
He did manage to get PowerPC out the door, I guess.
The good news is that even on the absolute first version of OS X, if you wanted to do anything that was outside the user home folder, or even with the user's keychain, it would ask for your password.
I don't know about you, but if you go to a web site and then it starts asking for your system password, YOU DO NOT PUT IT IN.
You are correct that Safari auto-expanding compressed archives wasn't a good idea. However, the inherent security design that the actual engineers managed to persuade Jobs to keep in the OS prevented major damage from things like that, to the point that even Jobs was recounting his at-the-time skepticism and praising that design and those engineers in on-stage interviews years later.
No operating system is without flaws. However, mix a bit of common sense in with good design, and you come out ahead of just good design.
Maybe he was referring to Michael Spindler? It would be just as comical...
He did manage to get PowerPC out the door, I guess.
You're right! I forgot ALL about him!!!
The password thing was to verify that you had permission to allow something dangerous to occur. But in 99% of cases, you do have that permission. Realistically, it should only be asking you if you're not an admin. But wait, that's not my major complaint.
You write your Trojan and get it to your victim's hard drive. Victim clicks on a JPEG and it opens your application, and your application then starts the application the victim thinks should have opened it while going into the background.
After five minutes, you pop up something that looks exactly like the Software Update dialog. The user sees there's some minor, quick, update that's also very important, that needs to be run, so they click Update, and up pops the administrator password dialog.
And they enter the password. And now your application, which is what really put up both the Software Update and Password dialog, now has your password. And through that root access (via sudo) to your PC.
Like I said, they may have fixed this by now, but certainly in the first few revisions of the operating system, this was an awful idea awfully executed, again presumably because of a "Just works" mentality that worked against making it harder. Incredibly, Microsoft got this right: it doesn't generally ask for a password, instead: if you're logged in as an admin, it asks permission without needing to further verify it's you, and if you're not, it tells you to log in with sufficient rights.
It just hasn't been made public yet...
http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
Couldn't care less about the people in charge.
That was the only era when Apple mattered though, when their software and hardware were years ahead of anyone else. The II series, the Quadra, System 7, graphics and audio capabilities that were unmatched for a long time, at least in consumer hardware. They still coast on that reputation today.
The PowerPC and System 7.5 were already harbingers of the end, frankly.
And that thing that wears Apple's face now is no longer Apple.
Stupid. Fucking. Hater. Die Hater, Die!!!
Why the fuck did this get (+5)?
Avantgarde Hebrew science fiction
Since they hired msmash to push articles it has been anti Apple ever since. And for some reason lots of British oriented articles. Must have dredged her out of the sewers near the Thames I guess.
"Stupid. Fucking. Hater. Die Hater, Die!!!"
I hope the irony of this statement was not lost on you.
A vulnerability from back in 2017 is probably old enough to not be worth fixating.
I'll see your senator, and I'll raise you two judges.
Stupid. Fucking. Hater. Die Hater, Die!!!
Why the fuck did this get (+5)?
I dunno. Maybe because I was RIGHT.
The bigger question would be why is YOUR post +4 INSIGHTFUL?
WTF "Insight" is there in asking why someone ELSE was modded UP???
I read IOHIDFamily, which contains IO and HID. Obviously, but this means USB to me, and, doing basic math, I'm wondering whether a no-name Chinese USB device could use this hole to implant some malware.
Totof
Thanks. That was funny.
The dangers of knowledge trigger emotional distress in human beings.
That's not been an issue if the user isn't blindly putting in their password to everything that pops up - the box that pops up for authentication is presented by the authentication library and gives the name of the calling application and is somewhat generic. The historic Software Update box has always looked unique, and lists what updates it would be downloading and immediately asks for your password upon clicking "install" and is identified as Apple Software Update. Now, they are done through the App Store, which would be even harder to spoof.
I see what you are saying though - yes it's probably possible to go through some form of convoluted combination of exploits and vulnerabilities to "own" someone, but that is the case with every OS. The fact that it hasn't happened in 15+ years says something about how difficult it would be to do, though it isn't the complete story by any means.
That's not been an issue if the user isn't blindly putting in their password to everything that pops up
Welcome to the Real World(tm) where users act like idiots all day, every day.
I see what you are saying though - yes it's probably possible to go through some form of convoluted combination of exploits and vulnerabilities to "own" someone, but that is the case with every OS. The fact that it hasn't happened in 15+ years says something about how difficult it would be to do, though it isn't the complete story by any means.
What hasn't happened in 15+ years? OSX? There's been plenty of people trojan'd on OSX.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Why the fuck did this get (+5)?
Same reason posts critical of Apple get modded down... iFanboys with modpoints.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Right about what? The guy didn't mention Jobs once. You fucking did. Comment on the 15 year old exploit and the constant fuckupery as of late. You're a fucking joke.
Shit, he did mention Jobs and called him a visionary, my bad. Carry on attacking him.