Every year, Seoul, South Korea, hosts PWNFEST, a global hacking event that awards prizes to the first teams to exploit vulnerabilities in predetermined targets. This year, one of the selected targets was Safari on macOS Sierra, and guess what: the browser was hacked in a mere 20 seconds.
Pangu and JH succeeded in exploiting Apple Safari on macOS Sierra and got root privilege, and $100,000 in #PwnFest2016. #POC2016.
– vangelis (@vangelis_at_POC) November 11, 2016
A collaboration between the PanGu group (which has released famous and controversial jailbreaks for recent iOS versions) and JH found a vulnerability in the Mac's default browser and compromised the system with an exploit that ran successfully in just a third of a minute, giving the hackers root access to Sierra. For the intrusion, the group received $80,000, with a bonus of another $20,000 for speed.
Other targets that fell in this edition of PWNFEST include Microsoft Edge on Windows 10 and the Google Pixel, which was hacked in 60 seconds through remote code execution (which is relatively more worrying because, well, it is remote). Flash, poor thing, was hacked in a meager four seconds through the exploitation of flaws that have existed for more than a decade.
Since these are benevolent events, the vulnerabilities discovered are, of course, all reported to the respective developers before being made public, so that they can be properly fixed.
· · ·
In other security-related news, some lucky people who have already got their hands on the new MacBook Pros are noticing something very strange: some units of the new model are apparently leaving the factory with SIP (System Integrity Protection) turned off.
The feature, responsible for preventing access to "sensitive" files and folders on the system, has traditionally been enabled on all Macs since its introduction in OS X El Capitan. Developers Jonathan Wight and Steve Troughton-Smith, however, noticed that some units of the new Touch Bar MBPs are shipping with SIP turned off; apparently, there are no reports of the same thing happening on machines without the OLED bar.
Consensus seems to be that some (but not all) Touch Bar models are shipping with SIP disabled. No reports of a non-Touch Bar / Escape doing so
– Steve T-S (@stroughtonsmith) November 17, 2016
To check whether SIP is enabled on your machine, simply run the command csrutil status in Terminal. If the feature is turned off and you want to re-enable it, restart your Mac in recovery mode (by holding Command-R until the Apple logo appears on the screen), choose Utilities > Terminal and, in the Terminal window, run the command csrutil enable, then restart the machine again. If for some reason you want to disable the feature, the process is the same, replacing the command at the end with csrutil disable.
Apple has yet to issue an official response on the matter and, apparently, this is (yet another) slip-up by Apple rather than an intentional omission for some mysterious reason. If so, we will certainly see the bug fixed in the next Sierra update.
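The check described above can be scripted for more than one machine. The following is an added example, not part of the original article or any Apple tool: the helper names sip_state and sip_compliant are hypothetical, and the sample outputs are constructed to follow the status line that csrutil prints.

```shell
#!/bin/sh
# Added example: classify the text that `csrutil status` prints.
# sip_state and sip_compliant are hypothetical helper names.

# Constructed sample outputs, modelled on the status line csrutil prints.
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_DISABLED='System Integrity Protection status: disabled.'
SAMPLE_CUSTOM='System Integrity Protection status: enabled (Custom Configuration).

Configuration:
	Kext Signing: disabled
	Filesystem Protections: enabled'

# Print enabled, disabled, custom or unknown for the text in $1.
sip_state() {
    status_line=$(printf '%s\n' "$1" |
        grep 'System Integrity Protection status:' | head -n 1)
    case "$status_line" in
        # A partially relaxed SIP can still say "enabled",
        # so test for the custom marker before the plain states.
        *"Custom Configuration"*) echo custom ;;
        *"status: enabled"*)      echo enabled ;;
        *"status: disabled"*)     echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# Succeed only when SIP is fully enabled.
sip_compliant() {
    [ "$(sip_state "$1")" = enabled ]
}

# On a Mac, check the live value; elsewhere this part is skipped.
if command -v csrutil >/dev/null 2>&1; then
    live=$(csrutil status 2>&1 || true)
    echo "SIP on this machine: $(sip_state "$live")"
    sip_compliant "$live" || echo "Re-enable from recovery mode with: csrutil enable"
fi
```

Treating the custom state as non-compliant is a deliberate choice here: a machine with only some protections relaxed should still be flagged for review.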
· · ·
Another flaw that has been raising suspicion among owners of the new MacBook Pros has to do with the good old "About This Mac" window. Some machines are reporting a different (and better) integrated graphics unit than the one that is actually inside the machine. Can you believe it?
Affected users report that the MBP lists the Intel Iris Pro 580 as the machine's integrated GPU, when the chipset used in the latest Apple laptops is the more modest Intel HD Graphics 530 (this, of course, without considering the dedicated AMD cards in the 15-inch models).
Stranger still, in some cases the system shows different GPUs depending on its state, displaying the Iris Pro 580 when connected to power and (correctly) the HD Graphics 530 when running on battery.
This is reason enough to believe that this is a simple bug in the system, and not an (increasingly rare) outburst of generosity from Apple in silently upgrading the machines. In any case, to settle the bug theory, it is enough to note that the machines reporting the Iris Pro show no gain in graphics performance; in fact, Apple only employs this chipset on Macs with some specific types of Core i5 and i7 processors.
So, just one more flaw. One more.
(via 9to5Mac, AppleInsider, MacRumors)