large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

This 15-year-old macOS flaw is really rather embarrassing for Apple

A macOS flaw has been discovered by a hobby hacker that could allow anyone with direct access to a MacBook, iMac or Mac Pro the ability to gain full control over the machines.

A bug in macOS, which the researcher pointed out on twitter (hat tip WccfTech) has been present for some 15 years in Apple’s operating system, is a local privilege escalation vulnerability found in an extension of the macOS kernel, effectively the heart of the operating system.

Hackers with the know-how can execute arbitrary code or install a root shell to effectively allow security measures to be bypassed, root permissions to be gained and essentially allow an illegitimate user to take control of a targeted Mac machine.

Given a would be hacker needs direct access to a macOS machine and the current user needs to be logged out, which can set off security flags, it’s not a particularly dangerous security issue. But hackers can set the exploit to work when a legitimate users shuts down or restarts their machine thereby allowing the exploit to kick in more stealthily.

“Needs to be running on the host already (nothing remote), achieves full system compromise by itself, but logs you out in the process,” Twitter user and self-proclaimed ‘hobbyist hacker’ Siguza explained. “Can wait for logout though and is fast enough to run on shutdown/reboot until 10.13.1. On 10.13.2 it takes a fair bit longer (maybe half a minute) after logging out, so if your OS logs you out unexpectedly… maybe pull the plug?”

But the flaw is a bit embarrassing for Apple, particularity as it affects all current versions of macOS, and has been present for a decade and a half.

Apple is currently working on a patch so will likely have the security hole plugged pretty quickly, but Cupertino must be feeling a little sheepish particularly after a login bug was found in macOS High Sierra last November, which saddled Apple’s latest operating system with a pretty basic security flaw.

Related:New iMac Pro

Does Apple need to pay more attention to its software security? Have your say on Facebook or Twitter.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.