Vulnerabilities are discovered every day, so it is remarkable that a flaw was present for 15 years and no one noticed.
A 15-year-old unpatched macOS vulnerability was recently discovered and publicly released on New Year’s Eve by a security researcher. The flaw allows hackers to gain access to any targeted Mac. From then on, the attackers can exploit the device easily, said the security researcher, who goes by the alias Siguza.
Writing on Twitter on the 31st of December, Siguza said that he was about to release a zero-day vulnerability affecting macOS. Luckily, it is a local privilege escalation flaw. This means that a user can only be affected if the attacker has a local connection to the targeted device. The bug is believed to affect the IOHIDFamily macOS kernel driver, which is responsible for various user interactions on the devices.
In his tirade, the security researcher wrote that the flaw was a system compromise and had been available for close to 15 years. Siguza believes that the bug is triggered by some logout operations. This shows that attackers do not need to use any social engineering techniques to make use of the zero-day vulnerability. The flaw is also believed to affect Apple security mechanisms, including System Integrity Protection (SIP) and Apple Mobile File Integrity (AMFI). This gives hackers a chance to disable both of them.
Siguza claims that the proof of concept affects macOS Sierra 10.13.1 and an earlier version. He also suggested that it could be tweaked to work against version 10.13.2 of macOS. Siguza did not contact Apple prior to releasing details of the bug; therefore, no patch has been made available yet. It is also unclear whether Apple will work on the problem anytime soon, or acknowledge it.
In 2017, there was a substantial increase in the number of Apple security flaws released. In the wrong hands, these flaws can do devastating damage, so Apple tries to stay a step ahead of the problems. In most cases, such security flaws fetch substantial amounts of money on the black market.
When asked by a fellow Twitter user why he chose to release the details publicly instead of selling them, he replied that he did not want to further the cause of black hats. His intended goal was only to let people read about the exploit and give them information. He also did not disclose the problem to Apple because their bug bounty program does not include macOS, he added.