Vulnerability Management

macOS Zero Day details exposed by researcher

An independent security researcher that goes by the handle Siguza revealed a local privilege escalation Zero Day in macOS that can be exploited by any unprivileged user.

The vulnerability resides in the open-source IOHIDFamily, a kernel extension that provides an abstract interface of with human interface devices, and Siguza believes it may have been present in the operating system since 2002. The good news is anyone looking to exploit the issue has to have already access to the target system and Siguza said on Twitter that if the Zero Day were even remotely exploitable he would not have publicly exposed it.

Siguza noted on Twitter that he would have told Apple about the problem “if their bug bounty included macOS, or if the vuln was remotely exploitable.” He instead opted to get the news out for security researchers to read.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.