Security Warning: A critical system vulnerability that affects 130 million Apple users
Recently, security researchers published a tweet about vulnerabilities in Apple devices, together with program code related to these vulnerabilities.
Unsatisfactory vulnerability repair
Last week the media exposed a critical vulnerability (CVE-2016-1757) in Apple's operating system that bypasses Apple's newest protection feature, System Integrity Protection (SIP). This week, Apple released security updates for OS X El Capitan 10.11.4 and iOS 9.3 to address the issue. However, according to some security experts, these security updates are not ideal and can even be viewed as ineffective.
The vulnerability was initially discovered by Pedro Vilaça, a researcher at SentinelOne, and it puts more than 130 million Apple users at risk. The vulnerability exists in most versions of Apple's OS X. SentinelOne has reported it to Apple.
Malicious attackers can exploit this vulnerability as one stage of a multi-phase attack to obtain sensitive information from the target device. It is a non-memory-corruption bug present in every OS X version, which allows arbitrary code to be executed from any binary. It can even bypass a key security function of the latest OS X, El Capitan's System Integrity Protection (SIP), tamper with other system processes, and finally obtain root privileges.
Under the SIP protection mechanism, files in the /System, /bin, /sbin and /usr directories (but not /usr/local) are marked with a special flag, which means that only specifically entitled processes can modify these files. A successful SIP bypass and privilege escalation of this kind defeats system integrity and provides a backdoor for malicious attackers.
Security researcher releases related code
SentinelOne's security researchers discovered this vulnerability, but the security patches released by Apple disappointed some users, and even Macs running the latest version are still affected. Stefan Esser has now released a new piece of program code that can bypass the SIP protection mechanism. The following is the information he published on Twitter:
Esser said that the programs affecting the SIP protection mechanism are not isolated cases, and that many devices have not completely fixed this issue.
Stefan Esser, a security researcher at the German security company SektionEins, presented a series of SIP-related vulnerabilities at this year's SyScan360 conference; a SIP vulnerability currently exists in OS X 10.11.2 (fixed).
ln -s /S*/E*/A*Li*/I* /dev/diskX; fsck_cs /dev/diskX 1>&-; touch /Li*/Ex*/; reboot

Expanded form:

ln -s /System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist /dev/diskX
fsck_cs /dev/diskX 1>&-
touch /Library/Extensions/
reboot
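The bypass shown above hinges on a symlink planted in /dev that points at a SIP-protected file, which fsck_cs then follows with its entitlement. The following POSIX shell script is an added detection example (not code from the article or from Esser); it lists any symlink in /dev whose target lies under a SIP-protected prefix, so that an administrator or incident responder can spot that primitive. The directory argument and the is_sip_path helper are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag symlinks in a device directory that point into
# SIP-protected prefixes (/System, /bin, /sbin, /usr minus /usr/local).
# Usage: check_dev_symlinks [dir]   (dir defaults to /dev)

# Returns 0 if $1 lies under a SIP-protected prefix, 1 otherwise.
# /usr/local is excluded, matching the exception described in the article.
is_sip_path() {
    case "$1" in
        /usr/local/*) return 1 ;;
        /System/*|/bin/*|/sbin/*|/usr/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints "link -> target" for every symlink in $1 whose target is
# SIP-protected. Returns 1 if at least one was found, 0 if none.
check_dev_symlinks() {
    dir="${1:-/dev}"
    found=0
    for entry in "$dir"/* "$dir"/.[!.]*; do
        [ -L "$entry" ] || continue
        target=$(readlink "$entry") || continue
        # Relative targets (e.g. fd/0) are taken relative to the link's
        # directory; they are resolved naively, without collapsing "..".
        case "$target" in
            /*) ;;
            *) target="$dir/$target" ;;
        esac
        if is_sip_path "$target"; then
            printf '%s -> %s\n' "$entry" "$target"
            found=1
        fi
    done
    return $found
}

# Report the SIP state when running on macOS; csrutil is absent elsewhere.
sip_status() {
    if command -v csrutil >/dev/null 2>&1; then
        csrutil status
    else
        echo "csrutil not available on this system"
    fi
}
```

Run it as `sh check_dev_symlinks.sh` after adding a call such as `check_dev_symlinks /dev` at the bottom; a non-zero exit status means a suspicious link was found.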