An OS X zero day vulnerability could allow attackers to bypass System Integrity Protection, Apple’s newest protection feature, and to escalate their privileges, simplifying the path to total system compromise in both OS X and iOS systems.

According to researcher Pedro Vilaça, who discovered the flaw in late 2015, roughly at the same time as researcher Ian Beer of Google Project Zero, the vulnerability (CVE-2016-1757) is a non-memory corruption bug that exists in all versions of OS X and iOS and allows users to execute arbitrary code on any binary.

Apple has been notified of it, and has included a patch for the hole in the latest security update for OS X El Capitan (10.11.4) and in iOS 9.3.

“SIP is a new feature, which is designed to prevent potentially malicious software from modifying protected files and folders: essentially to protect the system from anyone who has root access, authorized or not,” Vilaça, a researcher with SentinelOne, explained.

“The exploit is extremely reliable (100%) and it could be part of a bug chain that exploits a browser like Safari or Chrome,” he noted.

“Initially, the exploit could be used to achieve code execution and sandbox escapes. Then to escalate privileges to root and/or bypass System Integrity Protection to achieve persistency. Also, a fake Flash update regularly used to distribute malware could be leveraged to further compromise systems.”

To exploit the flaw, an attacker must first compromise the target system – via a spearphishing attack, by exploiting the user’s browser, and so on. But once that’s accomplished, the exploit for the bug can be safely deployed and is sure not to crash machines or processes.

“This kind of exploit could typically be used in highly targeted or state sponsored attacks,” Vilaça pointed out.

He says that there is no indication that this flaw has been exploited by attackers in the past, but that it’s possible.

“Since the bug is present on all OS X versions there is always a possibility that someone else found it before I did,” he told Help Net Security.

He created a fully working PoC exploit for the bug, but hasn’t yet decided whether he will release it, as only El Capitan appears to have a patch. “But someone else might release it,” he added.

Vilaça presented his findings on Thursday at SysCan360 2016 in Singapore, and Ian Beer has shared more details about it in a recent blog post.

“This vulnerability not only reveals a major security flaw in OS X, but also provides further evidence that exploits can be extremely stealthy, and at times, virtually impossible to detect,” Vilaça pointed out.

The vulnerability allows malicious applications to impersonate specially recognized trusted applications without any user notification. “The nature of this particular exploit enables it to evade defenses by utilizing very reliable and stable techniques that traditional detection mechanisms, looking for more obvious warning signs, would miss.” This can result in a wide spectrum of consequences.