contador web Skip to content

Memory flaw circumvents OS X El Capitan protection

When Apple released its latest version of OS X at the end of last year, it added a protection feature that went unnoticed by users but was very important: it’s about protecting system integrity (System Integrity Protection, or simply SIP). Basically a device that prevents any access (including administrative) to internal OS files and directories.

This means that, for end users, the system can be fully operated without the need to access privileges normally reserved for the super user (root). In the past, this interface was already quite restricted in relation to other flavors of Unix / Linux-based systems, but the change has affected several advanced usage scenarios including third-party driver installs in certain cases and limited the attack surface to Macs by through malware installations.

Although it was nothing to disable, researchers have recently discovered a method capable of circumventing SIP and installing malicious applications with persistence over updates and protection techniques employed by the operating system and third-party solutions. The technique cannot be exploited in a direct attack on the OS, but it can be combined with other attacks that exploit software vulnerabilities.

The author of the discovery was the Portuguese Pedro Vilaa, who demonstrated it in Singapore last month. Apple does not usually comment on bug discoveries by hackers, but it is likely to be fixed in a future OS X El Capitan maintenance update.

(via Apple World Today)