A security researcher has disclosed an unpatched security vulnerability in Apple’s macOS operating system that can be exploited to take full control of a system. The vulnerability, one in which is suggested to be at least 15 years old, is a local privilege escalation vulnerability that could enable an unprivileged user to gain root access on the targeted system and execute malicious code.
This local privilege escalation flaw resides in IOHIDFamily, an extension of the macOS kernel that was designed for human interface devices (HID), such as touchscreens or buttons. This vulnerability affects all verions of macOS. The researcher disclosed the information publicly on Github with Proof-of-Concept exploit code instead of notifying Apple.
Since this exploit cannot be carried out remotely, it can only be done via physical access to the machine. As always, general computer usage in a work environment should apply in these cases, and locking your PC when not in use should be a priority for all users. No patch has been issued yet, but since the recent disclosure Apple will likely release something soon.
For more information on how to keep your network safe, click here.