Zero-day Safari exploits allowed complete takeover of Mac

“White-hat hackers at a security conference in Vancouver have found two zero-day Safari exploits, one of which allowed them to escalate their privileges to the point that they were able to completely take over the Mac,” Ben Lovejoy writes for 9to5Mac.

“The first exploit managed to escape the sandbox, a protection macOS uses to ensure that apps only have access to their own data, and any system data permitted by Apple,” Lovejoy writes. “The second got rather further, gaining both root and kernel access to the Mac.”

“The event was hosted by Trend Micro under the branding of its Zero Day Initiative (ZDI). The program was created to encourage hackers to privately report vulnerabilities to the companies concerned rather than sell them to bad actors. ZDI does this by offering financial rewards and kudos,” Lovejoy writes. “As per its usual practice, ZDI will not release detailed information on the exploits until Apple has confirmed that it has fixed them in a macOS update.”

Read more in the full article here.

<

blockquote>MacDailyNews Take: </strongKudos to Trend Micro and its Zero Day Initiative for heloping to make Apple’s platforms even more sercure!

8 Comments

    1. While the article does not explicitly state this, it definitely reads like the researchers had direct, physical access to the Mac. It does not read like a remote exploit.

      If a hacker has physical access to your computer s/he can take over your computer via any number of potential exploits. If they can get inside your computer and have access to the motherboard they can own it virtually for the rest of its operational life.

      These direct, physical access exploits don’t worry me too much. Yes, they should be fixed, but the best protection is to not let people you don’t 100% trust have physical access to your Mac.

      1. Not really, safari exploits tend to be having someone visit an infected site or page that launches the attack. So in theory as long as you don’t visit that site, then sure you’re ok.

        But all it takes is one slip when you’re typing or a hijacked link on a normally good site and then you’re pwnd. Macs are not immune but better to have it found/fixed first

        1. The article appears to confirm your infected site theory.

          “The final entry in Day One saw the phoenhex & qwerty team (@niklasb @qwertyoruiopz and @bkth) targeting Apple Safari with a kernel elevation. They demonstrated a complete system compromise. By browsing to their website, they triggered a JIT bug followed by a heap out-of-bounds (OOB) read – used twice – then pivoted from root to kernel via a Time-of-Check-Time-of-Use (TOCTOU) bug. Unfortunately, it was only a partial win since Apple already know of one of the bugs used in the demo. Still, they earned themselves $45,000 USD and 4 points towards Master of Pwn.ZDI”

  1. The National Security State Spy Apparatus is thwarted less and less by Apple’s implementation of security features so it’s laughing all the way to the database.

Leave a Reply to John Dingler, artist Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.