by Iknowsecurity
3063 days ago
Regarding "IOHIDFamily: An application may be able to execute arbitrary code with kernel privilege", I found this: https://siguza.github.io/IOHIDeous/ that was published Dec 31. It took Apple 23 days since it was public before they released a fix.

> The exploit accompanying this write-up consists of three parts:
> poc (make poc)
> Targets all macOS versions, crashes the kernel to prove the existence of a memory corruption.
> leak (make leak)
> Targets High Sierra, just to prove that no separate KASLR leak is needed.
> hid (make hid)
> Targets Sierra and High Sierra (up to 10.13.1, see README), achieves full kernel r/w and disables SIP to prove that the vulnerability can be exploited by any unprivileged user on all recent versions of macOS

[!!!!!!!!!]
|
I wish I could have found something newer, but according to Symantec the average resolution time found in their 2015 study was 69 days [2]. The last time Apple rushed a fix out, it didn't go so well [3].
Now, while I'm waxing poetic, I may as well frighten you with a recent RAND Corp study about how long zero-days can be known privately before being publicly disclosed [4]. It also doesn't take too long to weaponize them [5].
This stuff sucks and is really nerve-racking for anyone involved in security even tangentially. It's really easy to criticize, but I guarantee that anyone on Hacker News who has written any meaningful software has released a security flaw. If you think you haven't, you're absolutely kidding yourself and should reevaluate your stance.
[1] https://social.technet.microsoft.com/Forums/windowsserver/en...
[2] https://www.symantec.com/connect/blogs/guide-zero-day-exploi...
[3] https://nakedsecurity.sophos.com/2017/11/30/apples-blank-roo...
[4] https://www.rand.org/news/press/2017/03/09.html
[5] https://securityintelligence.com/news/zero-day-research-time...