An injection flaw allowed a researcher to access all files on a Mac. Apple issued a fix, but some machines may still be vulnerable.
When an application is launched, Alkemade says, it reads some files and tries to load them using an insecure version of the “serialized” object. “In all of Apple’s operating systems, these serialized objects are used all over the place, often for inter-process exchange of data,” the researcher writes in the blog post describing the attack. “The way the attack works is that you can create those files at the place another application will load them from,” Alkemade says.
From here, Alkemade was able to escape the Mac app sandbox using the vulnerability—this was the first flaw that Apple fixed. By injecting the code into another application, it was possible to extend what the attack could do. Finally, Alkemade was able to bypass the System Integrity Protection that’s supposed to stop unauthorized code from reading or changing sensitive files. “I could basically read all of the files on the disk and also modify certain system files,” he says.
There is no evidence to date that the vulnerability has been exploited in the real world. However, the flaw shows how, in some instances, it may be possible for attackers to move through an entire operating system, increasingly being able to access more data. In the description for his talk, Alkemade says that as local security on macOS moves more toward an iOS model, this highlights that multiple parts of the system need to be reexamined.
Indonesia Berita Terbaru, Indonesia Berita utama
Similar News:Anda juga dapat membaca berita serupa dengan ini yang kami kumpulkan dari sumber berita lain.
Apple Loop: Sneaky iPhone 14 Decision, Latest Mac Mini Delay, Google’s iMessage Fight With AppleThis week’s Apple Loop includes Apple’s powerful iPhone 14 Pro decision, increased iPhone 14 orders, the second Mac Mini is delayed, USB-C for AirPods Pro, Apple slows acquisitions, Google challenges aim at iMessage, and more...
Baca lebih lajut »
This Mac hacker’s code is so good, corporations keep stealing itHe’s asking politely for them to stop, or pay.
Baca lebih lajut »
Big Mac is coming back: McDonald’s to reopen in UkraineMcDonald's will start reopening restaurants in Ukraine in the coming months, a symbol of the war-torn country's return to some sense of normalcy and a show of support after the American fast-food chain pulled out of Russia.
Baca lebih lajut »
Big Mac is coming back: McDonald’s to reopen in UkraineMcDonald’s said Thursday that it will begin gradually reopening some restaurants in the capital, Kyiv, and western Ukraine.
Baca lebih lajut »
Zoom’s Auto-Update Feature Came With Hidden Risks on MacThe popular video meeting app makes it easy to keep the software up to date—but it also introduced vulnerabilities.
Baca lebih lajut »
Mortgage rates tick back up above 5%, another challenge for first-time home buyersThe 30-year fixed-rate mortgage averaged 5.22% as of August 11, according to data released by Freddie Mac on Thursday — up 23 basis points from the previous week.
Baca lebih lajut »