Researcher Discloses Critical macOS Privilege Escalation Bug

There has been a lot of buzz lately about Meltdown and Spectre, which are really worrisome speculative execution vulnerabilities that affect most Intel CPUs and many ARM and AMD CPUs. Companies like Microsoft and Apple are busy making sure that millions of users worldwide have patches that they can install.

It’s probably the biggest cybersecurity story so far in 2018. But amidst all of that commotion, here’s news that you may have missed. Security researcher Siguza discovered a critical macOS vulnerability which affects versions of macOS and OS X from the latest 10.13 High Sierra perhaps all the way back to 10.2 Jaguar. Siguza calls it IOHIDeous.

What’s IOHIDeous?

IOHIDeous can be exploited by unprivileged users to acquire privileged kernel-level read and write access. So, if an attacker knows how to exploit IOHIDeous, your Mac is theirs to control however they want.

Think of the sensitive data that could be in a Mac’s HDD or memory at any time. Many users do online shopping and banking on their Macs. It’s also very likely that there are tokens for iTunes and App Store accounts, and possibly even web tokens for services such as Apple Pay. An attacker could really ruin a Mac user’s life by exploiting IOHIDeous.

IOHIDeous is named after the IOHIDSystem class of functions in macOS. IOHIDSystem is an input/output device driver which allows interaction directly with the kernel. Learning about IOHIDSystem should be lots of fun for Mac geeks who want to learn more about the inner workings of macOS. It contains a lot of different functions that Mac app developers could find useful for various purposes, including many that work with the cursor, mouse and keyboard.

IOHIDSystem has lots of features which differ a little bit between different versions of macOS/OS X. So, there are some aspects (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Blog. Read the original post at: