A critical “zero-day” vulnerability was recently discovered in all versions of Apple’s OS X operating system. It allows hackers to exploit the company’s newest protection feature, System Integrity Protection (SIP), and steal sensitive data from affected systems.
System Integrity Protection (SIP) is a new feature recently designed by Apple to prevent malicious software from modifying your Mac’s protected files and folders.
New Flaw Gives Hackers Total Control Of Any Mac
Essentially, SIP is meant to protect the system from anyone who has root access, authorized or not, and to keep the system from being hijacked by malicious code.
According to the researchers, “The same exploit allows someone to escalate privileges and bypass system integrity. In this way, the same OS X security feature designed to protect users from malware can be used to achieve malware persistency.” They add, “To exploit this vulnerability, an attacker must first compromise the target system. This could be accomplished via a spear phishing attack or by exploiting the user’s browser.”
Hackers could attack SIP directly, forgoing traditional methods such as memory corruption to access a system. The flaw also allows them to execute arbitrary code on the targeted machine and to perform remote code execution (RCE) or sandbox escapes. Once a hacker successfully bypasses System Integrity Protection (SIP), they have almost total control of any device running OS X.
Researchers say that “It is a logic-based vulnerability, extremely reliable and stable, and does not crash machines or processes. This exploit could typically be used in highly targeted or state-sponsored attacks.”
The most troubling part is that the vulnerability is very difficult to detect, and if it is exploited, it will be difficult or impossible to remove the virus from your Mac.
This vulnerability not only reveals a major security flaw in OS X but also provides more evidence that exploits can be extremely stealthy and sometimes virtually impossible to detect. However, Apple has been notified of the problem, and fixes will be available soon.