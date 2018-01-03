AppleMalware2

An independent security researcher that goes by the handle Siguza revealed a local privilege escalation Zero Day in macOS that can be exploited by any unprivileged user.

The vulnerability resides in the open-source IOHIDFamily, a kernel extension that provides an abstract interface of with human interface devices, and Siguza believes it may have been present in the operating system since 2002. The good news is anyone looking to exploit the issue has to have already access to the target system and Siguza said on Twitter that if the Zero Day were even remotely exploitable he would not have publicly exposed it.

Siguza noted on Twitter that he would have told Apple about the problem “if their bug bounty included macOS, or if the vuln was remotely exploitable.” He instead opted to get the news out for security researchers to read.