
Apple’s Zero-Day Bypasses System Integrity Protection in iOS and OS X


A zero-day flaw in Apple's OS X may sound improbable. Nonetheless, a researcher has discovered a zero-day vulnerability that lets attackers bypass a key protection feature of an operating system many believe to be invincible.

As revealed by SentinelOne researcher Pedro Vilaça at the SyScan360 2016 security conference in Singapore, the flaw exists in both OS X and iOS, and it affects every version of both released up to that point.

A Close Look at Apple’s Zero-Day

The vulnerability allows local privilege escalation, and it can bypass Apple's newest protection feature, System Integrity Protection (SIP). According to the researcher, it defeats SIP without any kernel exploit. It is not a memory-corruption bug but a logic flaw: it lets an attacker run arbitrary code in the context of any binary on the system, and therefore with whatever entitlements that binary holds.


In a conversation with ZDNet, Mr Vilaça said:

The exploit can be used to control any entitlement given by Apple to a certain binary. Because Apple needs to update the system there are binaries authorized to make modifications, so those binaries can be exploited to bypass SIP.

The same exploit can also be used to load unsigned kernel code, and then fully disable SIP inside the kernel. In order for the attack to be initiated, a spear phishing email would be enough, or a browser vulnerability.
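The mechanism described above turns on entitled binaries: Apple's own updater and installer helpers carry entitlements that let them write into SIP-protected locations, so code running in the context of one of them inherits that capability. The script below is an added example, not the researcher's code or anything from the article. It inventories executables whose entitlements include a key under the `com.apple.rootless.` prefix (the entitlement family Apple uses for SIP exemptions; that naming, and the choice of directories to scan, are assumptions made here). The sample plist embedded in it is constructed.

```sh
#!/bin/sh
# Added example (not the article's or the researcher's code): list binaries whose
# entitlements let them write into SIP-protected paths. Assumption: those
# entitlements live under the "com.apple.rootless." key prefix, e.g.
# com.apple.rootless.install, which Apple's own installer helpers carry.

# extract_rootless_keys: read an entitlements plist (the XML that
# `codesign -d --entitlements :- FILE` prints) from stdin and print every
# <key> under the com.apple.rootless. prefix, one per line.
extract_rootless_keys() {
    sed -n 's|.*<key>\(com\.apple\.rootless\.[^<]*\)</key>.*|\1|p'
}

# has_rootless_entitlement: succeed (exit 0) if the plist on stdin grants at
# least one such key.
has_rootless_entitlement() {
    [ -n "$(extract_rootless_keys)" ]
}

# scan_rootless_entitled DIR...: walk the directories, ask codesign for each
# executable's entitlements, and print "path<TAB>key1,key2" for every match.
# Unsigned or non-Mach-O files make codesign fail and are skipped.
scan_rootless_entitled() {
    for dir in "$@"; do
        find "$dir" -type f -perm -100 2>/dev/null | while IFS= read -r bin; do
            ents=$(codesign -d --entitlements :- "$bin" 2>/dev/null) || continue
            keys=$(printf '%s\n' "$ents" | extract_rootless_keys)
            [ -z "$keys" ] && continue
            printf '%s\t%s\n' "$bin" "$(printf '%s\n' "$keys" | paste -s -d , -)"
        done
    done
}

# Constructed sample plist in the shape codesign emits for an entitled helper.
SAMPLE_ENTITLED='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key>
  <false/>
  <key>com.apple.rootless.install</key>
  <true/>
</dict>
</plist>'

# Live scan only where codesign exists (i.e. on a Mac); elsewhere just show the
# parser working on the constructed sample.
if command -v codesign >/dev/null 2>&1; then
    scan_rootless_entitled /usr/libexec /System/Library/CoreServices
else
    printf 'codesign not found; sample plist grants: %s\n' \
        "$(printf '%s\n' "$SAMPLE_ENTITLED" | extract_rootless_keys)"
fi
```

The parser functions work on any system because they only read the XML that `codesign -d --entitlements :- FILE` prints; the live scan runs only where codesign exists. A short list of such binaries is expected and is not a finding in itself: the point is to know which programs an attacker would target with this bug, and to confirm they are the versions shipped with 10.11.4 or later.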


Moreover, he believes the bug is 100% reliable and that it could be one link in a larger exploit chain targeting browsers such as Google Chrome and Safari.

Because the exploit is highly reliable and causes no visible side effects such as a crashed machine or process, it is well suited to targeted or state-sponsored attacks. In a nutshell, the exploit enables:

  • Arbitrary code execution;
  • Remote code execution (when chained with a browser or other remote-entry bug);
  • Sandbox escapes;
  • Privilege escalation that bypasses SIP;
  • Persistence on the system.

What Should Apple Users Do to Stay Protected?

The vulnerability was discovered in early 2015 and reported to Apple in 2016. It has been patched in the following updates:

  • El Capitan 10.11.4
  • iOS 9.3

If you're running an earlier version of either iOS or OS X, update immediately.
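One way to verify the remediation on a Mac (an added example, not from the article): compare the installed OS X version against 10.11.4 and confirm that SIP reports itself enabled. The version comparison and the status parser take their input as arguments so they can be exercised with constructed strings on any system; the only assumption is the usual one-line output of `sw_vers -productVersion` and `csrutil status`. iOS has no equivalent command line; check Settings > General > About for 9.3 or later.

```sh
#!/bin/sh
# Added example (not from the article): does this Mac carry the 10.11.4 fix,
# and is SIP actually on? Assumes `sw_vers -productVersion` prints a dotted
# version and `csrutil status` prints its usual one-line status.

MIN_PATCHED_OSX="10.11.4"

# version_ge A B: succeed if dotted version A >= B, comparing components
# numerically so that 10.11.10 sorts after 10.11.4.
version_ge() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        a="${a#*.}"; b="${b#*.}"
        x="${x:-0}"; y="${y:-0}"
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# os_patched VERSION: succeed if the OS X version includes the 10.11.4 fix.
os_patched() {
    version_ge "$1" "$MIN_PATCHED_OSX"
}

# sip_enabled TEXT: succeed if `csrutil status` output reports SIP enabled.
sip_enabled() {
    printf '%s\n' "$1" | grep -qi 'System Integrity Protection status: enabled'
}

# report: run both checks against the live system and print a verdict.
report() {
    ver=$(sw_vers -productVersion 2>/dev/null) || {
        echo "sw_vers not found: not OS X, skipping live check"
        return 0
    }
    status=$(csrutil status 2>/dev/null || echo "csrutil unavailable")
    if os_patched "$ver"; then
        echo "OS X $ver: includes the $MIN_PATCHED_OSX fix"
    else
        echo "OS X $ver: older than $MIN_PATCHED_OSX, update now"
    fi
    if sip_enabled "$status"; then
        echo "SIP: enabled"
    else
        echo "SIP: NOT enabled ($status)"
    fi
}

report
```

Note that a patched version with SIP disabled is still the weaker state: the fix closes this particular bypass, but an attacker who already has root on a machine with SIP off does not need one.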

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
