Zero-day exploit affects Apple's SIP

(pc-google images)

A zero-day exploit, in all current Mac OS X versions, has been detected by a researcher of SentinelOne which will enable hackers to circumvent Apple’s newest protection feature, System Integrity Protection (SIP).

“Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection, Apple’s newest protection feature,” said SentinelOne in a blog post. 

The researcher, Pedro Vilaca, has described the vulnerability as a non-memory corruption issue which allows attackers to execute arbitrary code on any binary. It can bypass a key security feature of the latest version of OS X, El Capitan, the System Integrity Protection (SIP) without kernel exploits.

(pc-google images)

SIP was introduced with OS X 10.11, El Capitan. Apple designed SIP to prevent any users, even root ones, from modifying key system files. Once the hacker bypasses SIP, they have near total control of any device running OS X. The exploit could use SIP as a shield to prevent the system from repairing itself, which Vilaca calls a “protection racket.”

"It is a logic-based vulnerability, extremely reliable and stable, and does not crash machines or processes," SentinelOne explains. "This kind of exploit could typically be used in highly targeted or state sponsored attacks."

The flaw has been reported to Apple and a patch is on the way.