Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection, Apple’s newest protection feature. It was reported to Apple and patches will be available soon. This zero day vulnerability is present in all versions of Apple’s OS X operating system. SentinelOne’s lead OS X security expert, Pedro Vilaça, is presenting the full findings on this vulnerability today at SysCan360 2016 in Singapore: https://www.syscan360.org/en/speakers/#issue-edd5
This vulnerability is a non-memory corruption bug that exists in every version of OS X and allows users to execute arbitrary code on any binary. It can bypass a key security feature of the latest version of OS X, El Capitan, the System Integrity Protection (SIP) without kernel exploits. SIP is a new feature, which is designed to prevent potentially malicious software from modifying protected files and folders: essentially to protect the system from anyone who has root access, authorized or not.