System Integrity Protection (SIP) is a new feature, recently designed by Apple to prevent malicious software from modifying the protected files and folders in your MAC. Essentially to protect the system from anyone who has root access, authorized or not and also protect the system from getting hijacked by the malicious code. According to the researchers “The same exploit allows someone to escalate privileges and also to bypass system integrity. In this way, the same OS X security feature designed to protect users from malware can be used to achieve malware persistency.” For example “To exploit this vulnerability, an attacker must first compromise the target system. This could be accomplished via a spear phishing attack, or by exploiting the user’s browser” Hackers could attack SIP directly, forgoing traditional methods, such as memory corruption, to access a system at the same time, which allows the hackers to execute the temporary code on the targeted machine, to perform remote code execution (RCE) or sandbox escapes. And Once the hacker successfully bypasses the System Integrity Protection (SIP), it has almost total control of any device running OS X. Researchers say that “It is a logic-based vulnerability, extremely reliable and stable, and does not crash machines or processes. This kind of exploit could typically be used in highly targeted or state-sponsored attacks.” The most problematic part is that it is very difficult to detect the vulnerability, somehow, if it happens then it will be very difficult or impossible task to remove the virus from your MAC. Since this vulnerability does not only reveals a major security flaw in OS X, but also provides more evidence that exploits can be extremely stealthy, and sometimes virtually it is almost impossible to detect. However, Apple has been notified of the problem and fixes will be available soon.
Δ
