Ancient unpatched IOHIDeous vulnerability allows root access to macOS

9 Comments

Apple logo on MacBook

Apple has a tendency to pride itself on security, but a researcher has released details of a macOS vulnerability that allows for complete system control by an unprivileged user.

A self-described "hobbyist hacker," Siguza, has published details of the exploit which is thought to have existed, undetected and unpatched for at least a decade. As well as details of the security flaw, Suguza has also published proof-of-concept code for the IOHIDeous vulnerability on GitHub.

In a highly-detailed write-up, Siguza says that the bug has been present for at least 15 years, but suggests it is possible that it has been around for as much as 25 years. The security researcher sums up the flaw by saying: "Woah. One tiny, ugly bug. Fifteen years. Full system compromise."

News of the vulnerability broke on New Year's Eve with Siguza using a tweet to say:

Introducing the vulnerability, the researcher explains:

This is the tale of a macOS-only vulnerability in IOHIDFamily that yields kernel r/w and can be exploited by any unprivileged user.

IOHIDFamily has been notorious in the past for the many race conditions it contained, which ultimately lead to large parts of it being rewritten to make use of command gates, as well as large parts being locked down by means of entitlements. I was originally looking through its source in the hope of finding a low-hanging fruit that would let me compromise an iOS kernel, but what I didn’t know it then is that some parts of IOHIDFamily exist only on macOS -- specifically IOHIDSystem, which contains the vulnerability discussed herein.

The exploit accompanying this write-up consists of three parts:

  • poc (make poc)
    Targets all macOS versions, crashes the kernel to prove the existence of a memory corruption.
  • leak (make leak)
    Targets High Sierra, just to prove that no separate KASLR leak is needed.
  • hid (make hid)
    Targets Sierra and High Sierra (up to 10.13.1, see README), achieves full kernel r/w and disables SIP to prove that the vulnerability can be exploited by any unprivileged user on all recent versions of macOS.

Apple is yet to comment on the discovery, but the level of detail publicly provided by Siguza means that a fix can't be far away.

Image credit: Tamisclao / Shutterstock

9 Comments

9 Responses to Ancient unpatched IOHIDeous vulnerability allows root access to macOS

Got News? Contact Us

Recent Headlines

Human risk management automation can help beat burnout

Vivaldi 6.7 debuts Memory Saver performance booster, expands Feed Reader capabilities

Best Windows apps this week

Addressing digital transformation needs in the public sector [Q&A]

The psychological impact of phishing attacks on your employees

Canonical releases Ubuntu Linux 24.04 LTS 'Noble Numbat'

New tool lets enterprises build their own secure gen AI chatbots

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

22 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.