Happy New Year!
Just in time to kick off 2018 with a bang, a security researcher going by the name Siguza released scary details on a macOS zero-day exploit that’s apparently been around for 15 years and effects ALL Mac operating systems. The exploit allows any user to gain root access to your Mac. The exploit has been dubbed IOHIDeous. You can read the full details on Siguza’s github.
One tiny, ugly bug. Fifteen years. Full system compromise.
What’s the Risk?
The vulnerability allows hackers to target the System Integrity Protection (SIP) and Apple Mobile File Integrity (AMFI) security systems. The exploit results in logging users out of the system, so be on the lookout for any unexpected logout. Taking advantage of the exploit requires local access to the Mac.
What Can We Do?
This announcement likely has Apple racing for a security patch. In the meantime, there’s not much we can do. If you experience an unexpected logout, manually power down your Mac immediately (press and hold the power button). On the bright side, your other Apple devices are safe. iOS products are not effected.