BrandPost: Full macOS Compromise Using 15-Year-Old Bug<article>
<section class="page">
<p>A recently discovered vulnerability in macOS allows for full system compromise of macOS versions dating back 15 years. Residing in the "IOHIDFamily" component – notoriously used in the past to exploit various race conditions leading to system compromise – the vulnerability doesn’t seem remotely exploitable by itself, although it has existed for at least 15 years.</p><p>Triggered only by local access to a Mac, all macOS versions up to 10.13.1 appear to be affected. Security researcher Siguza warns that the vulnerability can still be weaponized to be remotely exploitable if a “sleeper program” – or malware with similar behavior – simply waits for the user to log out, reboot, or shut down, before activating the vulnerability.</p><p class="jumpTag"><a href="/article/3250125/macs/full-macos-compromise-using-15-year-old-bug.html#jump">To read this article in full, please click here[/url]</p></section></article>
Source:
BrandPost: Full macOS Compromise Using 15-Year-Old Bug