Last week, a security researcher rang in the New Year with a new macOS zero day vulnerability.
For my first video of 2018, I cover an unpatched, local privilege escalation vulnerability that affects the latest version of macOS. A researcher going by Siguza tweeted about this new flaw on December 31st, without first letting Apple know about it. The vulnerability involves a kernel extension for Human Interface Devices (HID) called IOHIDFamily. In short, if a local attacker can execute code, they can exploit this flaw to gain full root control of our Mac computer. Watch the video below for a more details, and keep an eye out for Apple’s upcoming patch.
As an aside, the day I shot this video, a new story was emerging about big vulnerabilities in Intel, AMD, and Arm processors, which I quickly mention in this video. I have since shot a video on that subject too, which I’ll post as soon as I can edit it. In the meantime, if you want to learn more about these Meltdown and Spectre flaws, and how they affect our products, please read our Secplicity post on the subject and our knowledge base article.
Episode Runtime: 5.22
Direct YouTube Link: https://www.youtube.com/watch?v=r_nsXt1vxyU
EPISODE REFERENCES:
- Researcher posts his IOHIDeous zero day vulnerability – GitHub
- Security bod finds 15 year old MacOS 0day – The Inquirer