Join us at TNW Conference 2022 for insights into the future of tech →

The heart of tech

This article was published on March 25, 2016

    A new exploit gives hackers near-total control of any Mac

    A new exploit gives hackers near-total control of any Mac Image by: unknown
    Bryan Clark
    Story by

    Bryan Clark

    Former Managing Editor, TNW

    Bryan is a freelance journalist. Bryan is a freelance journalist.

    A newly discovered zero-day vulnerability for OS X allows hackers to execute code previously thought to be protected by Apples new kernel defense, known as System Identity Protection (SIP).

    “Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection, Apple’s newest protection feature,” said SentinelOne in a blog post announcing the discovery.

    SIP was a feature first introduced in El Capitan. It prevents users from changing system files through a “rootless” system that keeps even administrator accounts from accessing specific files without first disabling SIP.

    SentinelOne’s slides detail how a hacker could attack SIP directly, foregoing traditional exploits — such as memory corruption — to access a system all while operating with impunity due to the difficulty of spotting the exploit once it’s implemented.

    Once the hacker bypasses SIP, they have near total control of any device running OS X.

    Worse, bad actors could then use SIP as a a shield to prevent the system from repairing itself, a move SentinelOne security researcher calls a “protection racket.”

    Apple has been notified of the issue and a patch is on the way.