Dangerous zero day vulnerability in iOS · OS X, OS can be updated by updating to the latest version

ByLuca

"Apple's offer as OS for Mac"OS XIt is also possible to steal data in the terminal if a malicious hacker exploits it in both "iPhone / iPad OS" iOS "Zero-day vulnerabilityWas announced.

Apple zero-day vulnerability fully compromises your devices | ZDNet
http://www.zdnet.com/article/apple-zero-day-vulnerability-fully-compromises-your-devices/

It is IT security related conference held in Singapore on 23rd and 24th March 2016SyScan 360 2016Among the security-related companiesSentinelOneResearcher Pedro · Biraka said that vulnerability exists in both iOS and OS X and that this vulnerability affects all versions of each OS. What is regarded as a particularly important problem is the system security of OS XSystem Integrity Protection(SIP) can be bypassed.

SIP was released on 30th September 2015OS X El CapitanOne of the security features in OS X, which limits the root authority of OS X. Until that time, if you have root authority, restrictions are placed on where you can access the protected area of ​​the system so that you can reduce the possibility of executing malicious code and other devices to take over the device The purpose of.

ByMiika Silfverberg

Mr. Biraka, who discovered the zero day vulnerability, said, "If you use this bug you will be able to manage whatever permissions Apple gives to a particular binary because Apple will It is a modification to the binary, this binary can bypass SIP.If a similar vulnerability is exploited, load unsigned kernel code and completely disable SIP inside the kernel It is also possible to do. "

However, when exploiting this vulnerability, first of all the target systemSpear phishingYaBrowser CrusherZDNet of IT related news site that it is necessary to attack with etc. By using zero day vulnerability, it is also possible to run arbitrary code on the system, execute code by remote operation, and escape sandbox.

ByRodrigo Denúbila

Mr. Biraka discovered the vulnerability in the beginning of 2015, which was reported to Apple in January 2016. In addition, the latest versions of El Capitan and iOS released on March 21, 2016, 10.11.4 and iOS 9.3, are patched against the same vulnerability.

ZDNet recommends updating iOS and OS X to the latest version to eliminate the risk of exploiting the vulnerability, but if you update some iPads to the latest iOS 9.3 There are also reports that it will become unusable after writing and it is said that it is good for iPad users to secure backups before updating.

IPad is literalized in the latest iOS 9.3, it becomes unusable state - GIGAZINE


In addition, GoogleProject ZeroTechnical details on the same vulnerability are published.