Mac OS X Zero-Day Vulnerability Can Bypass Apple’s Latest Protection Feature

Mac OS X is known as the most secure and advanced operating system provided by Apple Inc. It is considered reliable and efficient in terms of safety, as it is not easy to hack and is also regarded as well protected against malware. However, even with all its advancements, it is still not completely protected from cyber crooks. Every now and then Apple introduces new and more advanced technology to beat the hackers, but each evolution in technology also gives hackers an opportunity to try something new.

Recently, a critical zero-day vulnerability was detected in every version of Mac OS X. Hackers can use it to bypass Apple's latest protection feature and perform malicious activities on the infected machine, including data theft and more. The researcher describes the bug as a non-memory-corruption issue that allows attackers to execute code remotely on the victim's machine and then escalate privileges to the root user.

Source : http://techw.in/2016/03/25/mac-os-x-zero-day-exploit-can-bypass-apples-latest-protection-feature/

What Is Apple’s New Protection Feature?


Apple introduced System Integrity Protection (SIP) with the release of OS X El Capitan. The feature is designed to prevent potentially malicious programs from modifying protected files and folders on your Mac, and it was supposed to strengthen the security of the system. The sole purpose of SIP is to restrict the access and actions of the root user on protected parts of the system in order to reduce the chance of a system hack.

Reference : https://support.apple.com/en-gb/HT204899

However, SentinelOne security researcher Pedro Vilaça has discovered a serious vulnerability in both OS X and iOS that allows cyber criminals to perform privilege escalation and bypass System Integrity Protection without a kernel exploit. This critical vulnerability applies to all versions of OS X and iOS. It is a serious issue for all Mac OS X users and creates a real sense of urgency, as this zero-day vulnerability can result in your system being hacked and cause severe problems.

Source : https://www.sentinelone.com/blog/apple-os-x-zero-day-vulnerability-can-bypass-system-integrity-protection/

How the Mac OS X Zero-Day Vulnerability Works


This OS X zero-day vulnerability is a critical issue: it not only allows hackers to hack your system but also enables them to bypass the latest protection feature Apple introduced for the Mac. However, in order to exploit this vulnerability in System Integrity Protection (SIP), the hacker has to compromise the target Mac first, using phishing or some other highly deceptive technique. In other words, the vulnerability only works as part of a multi-part attack. This zero-day SIP vulnerability (CVE-2016-1757) is a non-memory-corruption bug that enables criminals to execute arbitrary code on the infected machine. The attack then escalates the spyware’s privileges, helping the hackers bypass SIP and alter system files so that they can stay on the infected system and perform malicious activities. The researchers have also said that this vulnerability could be used in highly targeted and state-sponsored attacks.

Reference : https://threatpost.com/os-x-zero-day-bypasses-native-sip-protection/116984/

Easy to Attack And Tough to Remove

It is quite easy for hackers to attack your Mac using this OS X zero-day vulnerability. On the other hand, it is very tough for users to detect and remove the hack. According to Vilaça, a browser-based or simple spear-phishing attack is enough to compromise the target machine. What worries users most is that the hack cannot be detected easily and, even worse, removing it from your machine is far more difficult. Even if you somehow manage to detect it, removing the threat will still be a tough nut to crack, as SIP will work against you in this case.

Know more : http://news.softpedia.com/news/mac-os-x-zero-day-can-bypass-apple-s-newest-protection-feature-502126.shtml

Meanwhile, this zero-day vulnerability was found in early 2015 and was reported to Apple in January this year. The good news is that the hack does not seem to have been used so far. Apple has patched this critical vulnerability, but the patch is available only in the updates for El Capitan 10.11.4 and iOS 9.3; other versions of Mac OS X and iOS are still unsafe and can be targeted by hackers using the zero-day vulnerability. Hence, if you are using a Mac on one of those versions, you can be targeted and may face severe issues. You therefore need to be very careful while using your Mac or iOS devices until this problem is resolved permanently.
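A host check built on the two facts above, the fix level (El Capitan 10.11.4) and SIP status, as an added example that is not part of the original article. It assumes releases newer than 10.11.4 also carry the fix; the function names and verdict labels are constructed for illustration. On a Mac it reads `sw_vers -productVersion` and `csrutil status`.

```shell
#!/bin/sh
# Added example: triage a macOS host against the fix level named in the article.
FIXED_VERSION="10.11.4"   # from the article: patch shipped in El Capitan 10.11.4

# version_ge A B: succeed if dotted version A >= B, comparing each
# component numerically (so 10.11.10 is newer than 10.11.4).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        [ -n "$x" ] || x=0
        [ -n "$y" ] || y=0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# sip_enabled TEXT: succeed if TEXT (output of `csrutil status`) reports SIP on.
sip_enabled() {
    case "$1" in
        *"System Integrity Protection status: enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# assess_host VERSION CSRUTIL_OUTPUT: print one verdict.
#   UPDATE  = below the fix level, install the OS update first
#   SIP-OFF = patched, but SIP is not reported as enabled
#   OK      = patched and SIP enabled
#   UNKNOWN = version string could not be parsed
assess_host() {
    ver="$1"; sip="$2"
    case "$ver" in ""|*[!0-9.]*) echo "UNKNOWN"; return 0 ;; esac
    if ! version_ge "$ver" "$FIXED_VERSION"; then echo "UPDATE"; return 0; fi
    if ! sip_enabled "$sip"; then echo "SIP-OFF"; return 0; fi
    echo "OK"
}

# On a Mac, assess the local host; on other systems this step is skipped.
if command -v sw_vers >/dev/null 2>&1 && command -v csrutil >/dev/null 2>&1; then
    assess_host "$(sw_vers -productVersion)" "$(csrutil status 2>&1)"
fi
```

For inventory data collected from many machines, call `assess_host` once per host with the recorded version string and `csrutil status` output.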

As the patch for this vulnerability has already been released in updates for the latest Mac systems, we can hope that Apple will take strict action on this issue and fix it completely soon. This dangerous and worrisome hack shows once again that, no matter how advanced the technology you use, the chance of a glitch is always there. It is also very important for users nowadays to stay careful and aware of what is happening around the world. It is essential to know as much as possible about the dangers coming your way, because with proper preparation you can at least minimize the damage.