Mac OS X 0-Day Posted: Possibly affects 10.1 (Puma) and up
[B]Affects every single OS X release from 2002 to current[/B]
[url]https://wccftech.com/15-year-old-macos-security-flaw-dumped-online/[/url]
[QUOTE]“One tiny, ugly bug. Fifteen years. Full system compromise,” wrote one security researcher, starting a Twitter storm on New Year’s Eve. Apple has had one tough year full of security disasters and it appears the company is greeting the new year with even more security vulnerabilities. Unlike the macOS root vulnerability, the latest security flaw isn’t that severe but shows that Apple has been sloppy when it comes to software security.
A security researcher calling themselves “hobbyist hacker” released a zero day macOS vulnerability that they suggest is “at least” 15 years old. The unpatched flaw can enable an unprivileged user to take control of the system if they have physical access to the system to execute arbitrary code and get root permissions.[/QUOTE]
Here's the GitHub post: [url]https://siguza.github.io/IOHIDeous/[/url]
[QUOTE][B]From looking at the source, this vulnerability seems to have been present at least since as far back as 2002. There also used to be a copyright notice from NeXT Computer, Inc.[/B] noting an EventDriver.m - such a file is nowhere to be found on the web, but if the vulnerable code came from there and if the dates in the copyright notice are to be trusted, that would put the origin of the bug even 10 years further back (older than myself!), but I don’t know that so I’m just gonna assume it came to life in 2002.[/QUOTE]
Sorry kids, doesn't look like your PowerMacs can save you from this one. Probably not even your NeXTCubes, either.
[sp]it's easy, just run OS 9 instead[/sp]
What does this mean for Mac OS users?
[quote]if they have physical access to the system [/quote]
These few words make this entire bug absolutely useless and hold no security weight.
Good thing I still have my old Apple Desktop that runs OS 9.
[QUOTE=Gbps;53023691]These few words make this entire bug absolutely useless and hold no security weight.[/QUOTE]
Er, this is still a pretty major bug for businesses and companies that use Mac OS regardless.
[editline]Edited:[/editline]
As an example, a previous company I worked at exclusively was running all of their systems on Mac OS 10.1x, and that's hundreds of systems that can now be potentially compromised.
Sweet mother of god that write up! An impressive amount of work went into this, surprised they didn't register to talk at 34c3, or other security centred conventions!