Apple released OS X 10.11.4 some days ago, and if you have updated to the latest firmware, you may be thinking that the patch Apple delivered this time is ineffective. That is true, and it will disappoint a lot of Apple users: iOS 9.3 and OS X El Capitan 10.11.4 contain a privilege escalation vulnerability that can affect over 130 million Apple users.
Image: SIP Bypass Exploit Code for iOS
The privilege escalation vulnerability was reported more than a week ago and was found inside System Integrity Protection (SIP), Apple’s famous security mechanism. The new vulnerability affects all OS X versions. Even though Apple has fixed the critical flaw in the latest patches for iOS devices and Macs, it is still possible to bypass SIP in the most recent version of the OS. This leaves Apple customers extremely vulnerable to flaws that could be used to hijack their machines remotely.
A Tweet Can Carry the SIP Bypass Exploit Code:
A security researcher and jailbreaker from Germany, Stefan Esser, has published new exploit code that can be used to bypass the latest patched version of SIP (image above). The code is small enough to fit into a tweet. It can be used to change an important OS X configuration file, a file that even a root user can’t touch. Here’s that dreadful code:
The code then expands to this:
With this exploit code, Apple’s SIP mechanism can be bypassed easily, leaving an attacker free to run whatever processes they wish.
What is System Integrity Protection (SIP)?
SIP was introduced with OS X El Capitan and is a security feature used to protect the OS X kernel. It restricts the root account on OS X devices, limiting what a root user can do in protected areas of the system. SIP also prevents software from modifying the startup volume, blocks some kernel extensions from loading, and limits the debugging of certain apps. By default, System Integrity Protection protects pre-installed OS X apps and these folders: /usr, /System, /bin, /sbin.
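The following added example, which is not code from the article or from Stefan Esser, reads the output of `csrutil status` and `ls -lOd` to confirm that SIP is enabled and that the four default-protected folders carry the `restricted` file flag. The function names and the sample `ls` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit SIP from the output of two stock OS X commands.
# Function names and sample text are constructed for illustration.

# Read `csrutil status` output on stdin; print enabled|disabled|custom|unknown.
sip_state() {
    awk '
        /System Integrity Protection status:/ {
            if ($0 ~ /Custom Configuration/) s = "custom"   # some protections switched off
            else if ($0 ~ /status: enabled/)  s = "enabled"
            else if ($0 ~ /status: disabled/) s = "disabled"
        }
        END { if (s == "") s = "unknown"; print s }'
}

# Read `ls -lOd` lines on stdin; print each path whose flags column (field 5)
# lacks "restricted", the file flag SIP uses to mark protected locations.
unprotected_paths() {
    awk '{
        n = split($5, flags, ","); found = 0
        for (i = 1; i <= n; i++) if (flags[i] == "restricted") found = 1
        if (!found) print $NF
    }'
}

# Constructed sample: /bin has lost its flag, the other three are intact.
SAMPLE_LS='drwxr-xr-x@ 12 root  wheel  restricted,hidden  408 Mar 21 10:00 /usr
drwxr-xr-x@  4 root  wheel  restricted         136 Mar 21 10:00 /System
drwxr-xr-x@ 39 root  wheel  -                 1326 Mar 21 10:00 /bin
drwxr-xr-x@ 63 root  wheel  restricted,hidden 2142 Mar 21 10:00 /sbin'

# On a real Mac, audit the live system; elsewhere, run on the sample.
if command -v csrutil >/dev/null 2>&1; then
    echo "SIP: $(csrutil status | sip_state)"
    ls -lOd /usr /System /bin /sbin | unprotected_paths
else
    echo "sample, paths missing the flag:"
    printf '%s\n' "$SAMPLE_LS" | unprotected_paths
fi
```

Any path printed by `unprotected_paths`, or a state other than `enabled`, means the protection described above is not fully in force on that machine.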
How to Fix:
The softest way to put it is that this is a very sensitive time for Apple and its users. Fortunately, Apple has fixed this vulnerability with the iOS 9.3.1 update, and you must download the iOS 9.3.1 firmware to your device to fix this.