Zero day OS X flaw can bypass System Integrity Protection
Security company SentinelOne has released news of a major flaw in Apple OS X systems that can allow the bypassing of the latest System Integrity Protection security feature.
This zero-day vulnerability is present in all versions of Apple's OS X operating system. It has been reported to Apple and patches will be available soon. SentinelOne’s lead OS X security expert, Pedro Vilaça, is presenting the full findings on this vulnerability today at SyScan360 2016 in Singapore.
System Integrity Protection (SIP) is intended to limit the ability of a root account to access protected parts of iOS and OS X. But some programs, such as those that update the operating system, retain privileges. The flaw exploits these retained privileges, allowing programs to run arbitrary code on the device and bypass SIP.
To exploit the vulnerability, an attacker must first compromise the target system, which could be done via a spearphishing attack, or by an exploit in the user's browser. The vulnerability is said to be reliable and stable, and won't cause systems to crash. It can also evade detection, because it uses techniques that traditional detection mechanisms, which look for more obvious warning signs, would miss. The good news is that, up to now, there's no evidence of it being used in the wild.
You can find out more about the threat and see a full copy of Vilaça's presentation on the SentinelOne blog.