Apple’s

now browsing by tag

 
 

15-year-old Unpatched Root Access Bug found in Apple’s macOS

Source: National Cyber Security – Produced By Gregory Evans

After a disastrous 2017, where Apple faced all sorts of security-related issues and complaints, the company is in trouble again right from the first day of the New Year! On the very first day of 2018 (or the last day of 2017, depending on your location and region), a security researcher having immense expertise in hacking Apple’s iOS has posted details of an unpatched security flaw present in macOS operating system.

“One tiny, ugly bug. Fifteen years. Full system compromise” wrote the researcher, who uses the alias Siguza (s1guza).

The researcher stated that the flaw can be exploited by cyber-crooks to gain full control of the computer. The unpatched zero-day vulnerability is claimed to be 15 years old. The researcher has also posted a proof-of-concept exploit code, which can be reviewed on GitHub.

Siguza, who also calls himself Hobbyist Hacker, noted that this is a dangerous local privilege escalation (LPE) flaw, which allows anyone (even an unprivileged attacker) to obtain root access on the targeted computer so as to execute malicious code. This LPE flaw affects the kernel extension IOHIDFamily, which was designed for HID (human interface device) like touchscreen or buttons.

Furthermore, the malware that has been designed to exploit this 0-day vulnerability can install itself deep into the system and cybercriminals can target Apple’s critical security programs like the System Integrity Protection (SIP) and Apple Mobile File Integrity (AMFI).

In order to successfully carry out the exploitation of the system, cybercriminals need to get users logged out from the system, which is likely to alert most of the users. However, to evade detection, cybercriminals can attack when the system is shut down or restarted.

The flaw was discovered when Siguza was trying to identify flaws that would allow him to hack the iOS kernel. While doing so Siguze noticed that some of the extension’s components including the IOHIDSystem existed solely on macOS. This discovery led to the identification of the critical zero-day vulnerability in the operating system. Siguza wrote in his post:

“Needs to be running on the host already (nothing remote), achieves full system compromise by itself, but logs you out in the process.”

“Can wait for logout though and is fast enough to run on shutdown/reboot until 10.13.1. On 10.13.2 it takes a fair bit longer (maybe half a minute) after logging out, so if your OS logs you out unexpectedly… maybe pull the plug?” explained Siguza.

The vulnerability is found only in macOS and not in other Apple products such as the iOS but it affects all versions of macOS. Although the flaw is not too serious and concerning it does show that Apple needs to enhance the security of its software. The proof-of-concept created by Siguza is applicable on macOS High Sierra 10.13.1 and earlier versions but he believes that the exploit can be tweaked to become effective on a new version of macOS 10.13.2 released on Dec 6.

Siguza further added that the reason why he publicly announced his findings instead of informing Apple secretly is that the flaw was not remotely exploitable and Apple’s bug bounty program also didn’t cover macOS. Apple, on the other hand, hasn’t responded to the news or released any statement in relation to the findings of Siguza. We will update the article when Apple responds.

The post 15-year-old Unpatched Root Access Bug found in Apple’s macOS appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Apple’s New iPhone X Could Help Identity Thieves Steal Your Face

Source: National Cyber Security – Produced By Gregory Evans

Apple has announced that it plans to replace previous iPhone login credentials with facial recognition technology to log into the iPhone and to access Apple Pay. This should prompt some privacy and security concerns, but probably not the ones you’re thinking. It’s not the TSA or the Deep State who…

The post Apple’s New iPhone X Could Help Identity Thieves Steal Your Face appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Bug took Apple’s Developer website down amid hacking fears

Source: National Cyber Security – Produced By Gregory Evans

After several developers reported a possible security breach in Apple’s Developer website as their account addresses showed an address in Russia, Apple has said the problem originated owing to a bug in its account management application. According to a MacRumours report on Thursday, several developers reported that all of their…

The post Bug took Apple’s Developer website down amid hacking fears appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hacker claims to have decrypted Apple’s Secure Enclave, destroying key piece of iOS mobile security

Source: National Cyber Security – Produced By Gregory Evans

A hacker going by the handle xerub has just released what he claims to be a full decryption key for Apple’s Secure Enclave Processor (SEP) firmware. This could be a major blow for iOS security because of the importance of the SEP: It handles Touch ID transactions and is completely…

The post Hacker claims to have decrypted Apple’s Secure Enclave, destroying key piece of iOS mobile security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Thoughts on Mavericks & Apple’s Return to their Power Users – Missing Computer AlertMissing Computer Alert

missingcomputeralert.com – Thoughts on Mavericks & Apple’s Return to their Power Users OSX Mavericks marks another evolution in Apple’s operating system. We saw a lot more features bas… Yeah, I agree about bringing the iPad …

View full post on Hi-Tech Crime Solutions Weekly

China responds over “hacker infiltration to Apple’s iCloud”

China responds over “hacker infiltration to Apple’s iCloud”

BEIJING, Oct. 21 (Xinhua) — China reiterated opposition to cyber attacks from hackers in all forms after media reported Chinese hackers infiltrated Apple’s iCloud. Hackers interposed their own website between users and Apple’s iCloud server, intercepting data and potentially gaining […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security

Apple’s Encryption Will Slow, Not Stop, Cops And Spies National Cyber Security

nationalcybersecurity.com – While the newest Apple Inc. (AAPL) and Google Inc. (GOOGL) smartphones will automatically encrypt data stored on them, that won’t keep U.S. law enforcement and intelligence agencies from obtaining …

View full post on Hi-Tech Crime Solutions Weekly

Apple’s Encryption Will Slow, Not Stop, Cops And Spies

Apple’s Encryption Will Slow, Not Stop, Cops And Spies

While the newest Apple Inc. (AAPL) and Google Inc. (GOOGL) smartphones will automatically encrypt data stored on them, that won’t keep U.S. law enforcement and intelligence agencies from obtaining evidence linked to the devices. Read More….

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security

The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud – National Cyber Security | National Cyber Security

nationalcybersecurity.com – As nude celebrity photos spilled onto the web over the weekend, blame for the scandal has rotated from the scumbag hackers who stole the images to a researcher who released a tool used to crack vic…

View full post on Hi-Tech Crime Solutions Weekly

After nude celebrity hacking, Apple’s Tim Cook says company will improve security

Source: National Cyber Security – Produced By Gregory Evans

After nude celebrity hacking, Apple’s Tim Cook says company will improve security

In the wake of the naked celebrity photo hacking, Apple chief executive Tim Cook says the company could have done more to make people aware of security measures and will introduce ways to better protect user accounts. In an interview with […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post After nude celebrity hacking, Apple’s Tim Cook says company will improve security appeared first on National Cyber Security.

View full post on National Cyber Security