IOHIDeous: IOHIDFamily once again. (The tale of a macOS-only vulnerability)

[Badruzeus]

On December 31, a new unpatched vulnerability in macOS went public, with all versions of the desktop operating system said to be affected, possibly including version 10.13.2 which was released on December 6.

 

Published by security researcher Siguza on Twitter, the security flaw allows an attacker to obtain root access and take full control of a system, though it’s important to know that a successful exploit requires local access to the computer to execute arbitrary code.

 

The local privilege escalation (LPE) vulnerability was discovered after the researcher started inspecting the iOS kernel for security flaws, only to discover the glitch in an extension of IOHIDFamily called IOHIDSystem that’s exclusively used on macOS. This particular component is required for human interface devices (HID).

 

Source: Softpedia

Original @Siguza's tweet, GitHub.