“Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection, Apple’s newest protection feature,” said SentinelOne in a blog post announcing the discovery.
SIP was a feature first introduced in El Capitan. It prevents users from changing system files through a “rootless” system that keeps even administrator accounts from accessing specific files without first disabling SIP.
SentinelOne’s slides detail how a hacker could attack SIP directly, forgoing traditional exploits — such as memory corruption — to access a system, all while operating with impunity due to the difficulty of spotting the exploit once it’s implemented.
Once the hacker bypasses SIP, they have near total control of any device running OS X.
Worse, bad actors could then use SIP as a shield to prevent the system from repairing itself, a move a SentinelOne security researcher calls a “protection racket.”
Apple has been notified of the issue and a patch is on the way.