Zero-Day in macOS Allows Root Access
A security researcher discovered a local privilege escalation (LPE) vulnerability that exists in macOS versions dating back to at least 2002. The vulnerability affects the IOHIDFamily macOS kernel driver and can be leveraged by threat actors through logout operations such as a manual shutdown or reboot. If the vulnerability is successfully exploited, an unauthorized user could install a malicious application and gain complete control over a system by escalating account privileges to root level. The flaw also disables security features including System Integrity Protection (SIP) and Apple Mobile File Integrity (AMFI). To exploit the vulnerability, an attacker must have physical access to a machine or have previously established access to the device. Apple plans to release a patch for the vulnerability later this month. A detailed report of the vulnerability is available on GitHub. The NJCCIC recommends that users and administrators of affected macOS systems apply Apple software updates as soon as they are released and only download applications from the official Mac App Store.