A zero-day exploit affecting Mac OS X allows attackers to execute arbitrary code on any binary. That’s not good, and it gets worse. The exploit bypasses System Integrity Protection (SIP, sometimes called rootless), and is almost impossible to trace once implemented. Apple has been notified and a patch is on the way.
“Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection, Apple’s newest protection feature,” wrote SentinelOne in a blog post announcing the discovery. A talk given by Pedro Vilaça at SyScan360, a security conference in downtown Singapore this week, outlined the exploit in detail.
The exploit is unique in that it doesn’t use memory corruption, a common exploitation technique. Instead, the attack exploits a longstanding vulnerability in OS X’s security schemes to gain near-total control over any Mac.
The even crazier thing, however, is that this exploit not only bypasses System Integrity Protection but can actively use it to ensure changes made to the system aren’t repaired, something Vilaça calls a SIP “protection racket”.
SIP was introduced with OS X 10.11, El Capitan. It prevents users from changing core system files entirely, even if they enter a root password (hence the nickname “rootless”: there effectively is not a root user). Bypassing SIP and making changes means users cannot undo the changes without first disabling SIP.
Even worse, this exploit is hard to detect using traditional methods.
It all sounds awful, but happily there is no evidence of this exploit being used in the wild, and SentinelOne has informed Apple of the problems. Patches will be out soon.
Vilaça, for what it’s worth, is not blaming Apple.
“Designing security systems is hard,” Vilaça’s slides say at the end of the talk. “Move to defense and give it a try.”
You can read the presentation slides here. It’s a good overview, though a lot of the details seem to be mentioned on-stage and are not on the slides. Here’s hoping a longform version will come out soon.