A zero-day flaw in Apple's OS X may sound like something impossible. Unfortunately, researchers have in fact discovered a zero-day vulnerability that allows attackers to exploit the key protection feature in an operating system considered invincible.
As revealed by SentinelOne researcher Pedro Vilaça during the SyScan360 2016 security conference in Singapore, the flaw exists in both OS X and iOS. Not only does it exist in both systems, but it also affects all of their versions.
A Close Look at Apple’s Zero-Day
The vulnerability allows local privilege escalation. It can even bypass Apple’s latest protection feature – System Integrity Protection, or SIP. According to the researcher, the vulnerability enables an attacker to deceive the security feature without a kernel-based exploit. The flaw is described as a non-memory corruption bug which allows the execution of arbitrary code on any binary.
In a conversation with ZDNet, Mr Vilaça said that:
The exploit can be used to control any entitlement given to Apple to a certain binary. Because Apple needs to update the system there are binaries authorized to make modifications so those binaries can be exploited to bypass SIP.
The same exploit can also be used to load unsigned kernel code, and then fully disable SIP inside the kernel. In order for the attack to be initiated, a spear phishing email would be enough, or a browser vulnerability.
In addition, he believes that the bug is 100% reliable and that it could be just one part of a bigger bug chain that targets browsers like Google Chrome and Safari.
Because the vulnerability is highly reliable and will not cause any visible effects like crashing machines or processes, it is very likely to be used in targeted or state-sponsored attacks. In a nutshell, this is what the exploit leads to:
- Arbitrary code execution;
- Remote code execution;
- Sandbox escapes;
- Escalating privileges to bypass SIP;
- Reside in the system.
What Should Apple Users Do to Stay Protected?
The vulnerability was disclosed in the beginning of 2015 but was reported to Apple in 2016. It has been patched in the following updates:
- El Capitan 10.11.4
- iOS 9.3
If you’re running earlier versions of both iOS and OS X, you’re strongly advised to update immediately.