OS X bug leaves systems vulnerable to attack

Authored by a Symantec employee


There’s a perception that OS X is impenetrable, especially when compared to Windows. Recently, that assumption has been proven wrong.

The latest in a series of flaws discovered in OS X and iOS is a vulnerability in Apple’s security system. The shortcoming showed up in System Integrity Protection (SIP), a security feature that Apple introduced with El Capitan last year. SIP was designed to prevent modifications to protected files and folders on a Mac.

The OS X bug not only bypasses SIP but can also be used to make malware harder to remove from an infected system.

This zero-day vulnerability exists in all versions of OS X, and it has been addressed in the latest update to the operating system (OS X 10.11.4), which Apple announced March 21. Since the exploit code is available on the Web, Apple users are strongly advised to apply the patch.

How it works

To exploit this flaw, an attacker first has to compromise the targeted OS X system. The flaw is not directly exploitable remotely. The attacker would have to find a way to gain physical access to a system to leverage existing malware, or may resort to spear phishing or a browser exploit.

Once in, the attacker can use the exploit to load unauthorized kernel code on the system and fully disable SIP protections inside the kernel.

With newfound root privileges, an attacker gains read and write access to all areas of the file system and can potentially take control of the whole system.

Who is at risk?

Anyone with OS X and iOS. Since the nature of the exploit is to take control of the system, shared OS X computers such as those found in schools, government offices, and large data systems are at high risk.

How to stay protected

To execute this attack, the attacker needs physical access or will resort to spear phishing tactics. You can stay protected by never giving out more information than needed on social media. It’s also important to keep your passwords strong. And be cautious when signing up for apps you don’t trust.

Always keep your software updated and invest in reliable security software. Norton Security Premium comes with protection for up to 10 Macs and iOS devices with a single subscription. It also safeguards your identity and online transactions. With a security service for all your devices you can rest easy as the service comes with dynamic updates to keep your device safe from emerging threats.

Most of all, use common sense when responding to emails. If something doesn’t look right, call, text or email the person before clicking on links.

Even though OS X is known for facing fewer threats, that doesn’t mean Macs are immune to attacks.
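To check a Mac against the update advice above, the following added example (not part of the original article or any Symantec tool) compares the installed OS X version with 10.11.4 and reads the SIP status reported by `csrutil status`. The function names and exit codes are assumptions made for this sketch. Because the article describes SIP being disabled inside the kernel, treat the reported status as a configuration check, not as evidence that a host is clean.

```shell
#!/bin/sh
# Added example: audit a Mac for the two conditions this article discusses.
FIXED_VERSION="10.11.4"   # release carrying the fix, per the article

# version_ge A B: succeed when dotted version A >= B (first three components).
version_ge() {
    v1="$1.0.0"; v2="$2.0.0"   # pad so missing components compare as 0
    for i in 1 2 3; do
        a=$(printf '%s' "$v1" | cut -d. -f"$i")
        b=$(printf '%s' "$v2" | cut -d. -f"$i")
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
    done
    return 0
}

# sip_fully_enabled TEXT: succeed only for the plain "enabled." status line;
# "disabled" and "enabled (Custom Configuration)" both count as findings.
sip_fully_enabled() {
    case "$1" in
        *"System Integrity Protection status: enabled."*) return 0 ;;
        *) return 1 ;;
    esac
}

# assess VERSION SIP_TEXT: print findings; return 0 clean, 1 unpatched,
# 2 SIP not fully enabled, 3 both (exit codes are this sketch's convention).
assess() {
    rc=0
    if ! version_ge "$1" "$FIXED_VERSION"; then
        echo "FINDING: OS X $1 is older than $FIXED_VERSION; apply the update"
        rc=$((rc + 1))
    fi
    if ! sip_fully_enabled "$2"; then
        echo "FINDING: SIP is not reported as fully enabled"
        rc=$((rc + 2))
    fi
    return "$rc"
}

# On a real Mac, feed in live values; elsewhere the functions are only defined.
if [ "$(uname -s)" = "Darwin" ]; then
    assess "$(sw_vers -productVersion)" "$(csrutil status 2>&1)"
fi
```

The non-zero exit codes make the script usable from a management tool that flags hosts needing the update.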