• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Kudos1 Stats

OS X Bug leaves Systems Vulnerable to Attack

There’s a perception that OS X is impenetrable, especially when compared to Windows. In recent times this assumption is being proven wrong.

The latest in a series of flaws discovered in OS X and iOS is a vulnerability  in Apple’s security system. The shortcoming showed up in the System Integrity Protection (SIP), a security feature that Apple introduced with El Capitan last year. SIP was designed to prevent modifications to protected files and folders on Mac.  The OS X bug has not only bypassed SIP but can also be used to make malware harder to remove from an infected system.

This zero-day vulnerability exists in all versions of OS X and it has been addressed in the latest update to the operating system (OS X 10.11.4) that Apple announced March 21. Since the exploit code is available on the Web, Apple users are highly recommended to apply the patch.

How it works

To exploit this flaw, an attacker has to first compromise the targeted OS X system. This flaw is not directly exploitable remotely. The attacker would have to find a way to gain physical access to a system to leverage existing malware or may resort to spear phishing or try a browser exploit.

Once in, the attacker can use the exploit to load an unauthorized kernel code on the system and fully disable SIP protections inside the kernel.

With the newfound privileges to root access, an attacker can read and write privileges to all areas of the file system and potentially take control of the whole system.

Who is at risk?

Anyone with OSX and iOS. Since the nature of the exploit is to take control of the system, shared OS X computers such as those found in schools, government offices, large data systems are at high risk.

How to stay protected

To execute this attack, the attacker needs physical access or will resort to spear phishing tactics. You can stay protected by never giving out more information than needed on social media. It’s also important to keep your passwords strong. And be cautious when signing up for apps you don’t trust.

Always keep your software updated and invest in reliable security software. Norton Security Premium comes with protection for up to 10 Macs and iOS devices with a single subscription. It also safeguards your identity and online transactions. With a security service for all your devices you can rest easy as the service comes with dynamic updates to keep your device safe from emerging threats.

Most of all, use common sense when responding to emails. If you think something is not looking right, call, text or email the person before clicking on links.

Even though OS X is famous for fewer threats it doesn’t mean Macs are immune to attacks.

Comments

Kudos0

Good manual on ebook store:

Consultez ce livre sur l’iBooks Store : « Learning iOS Penetration Testing » de Swaroop Yermalkar https://itun.es/fr/frgi_.l

the books is in english.