By injecting the code into another application, it was possible to extend what the attack could do. Essentially, a malicious “serialized object” is created and can make the system behave in ways it is not supposed to.įrom here, Alkemade was able to escape the Mac app sandbox using the vulnerability-this was the first flaw that Apple fixed. “The way the attack works is that you can create those files at the place another application will load them from,” Alkemade says. “In all of Apple’s operating systems, these serialized objects are used all over the place, often for inter-process exchange of data,” the researcher writes in the blog post describing the attack. When an application is launched, Alkemade says, it reads some files and tries to load them using an insecure version of the “serialized” object. “It's basically one vulnerability that could be applied to three different locations,” he says.Īfter deploying the initial attack against the saved state feature, Alkemade was able to move through other parts of the Apple ecosystem: first escaping the macOS sandbox, which is designed to limit successful hacks to one app, and then bypassing the System Integrity Protection (SIP), a key defense designed to stop authorized code from accessing sensitive files on a Mac. The vulnerability, which is susceptible to a process injection attack to break macOS security, could allow an attacker to read every file on a Mac or take control of the webcam, says Thijs Alkemade, a security researcher at Netherlands-based cybersecurity firm Computest who found the flaw. Researchers have now found a way to exploit a vulnerability in this “saved state” feature-and it can be used to break the key layers of Apple’s security protections. Every time you shut down your Mac, a pop-up appears: “Are you sure you want to shut down your computer now?” Nestled under the prompt is another option most of us likely overlook: the choice to reopen the apps and windows you have open now when your machine is turned back on.
0 kommentar(er)
