The final month of 2017 has come and gone, and for those of us who love a good security story, December didn’t leave us disappointed. Read on for details about the top Apple-focused security news of the month.
On New Year’s Eve, a security researcher going by the name Siguza publicly disclosed the full details of a local privilege escalation vulnerability that had allegedly been present in versions of macOS for at least the past 15 years.
In order for an attacker to take advantage of the bug (dubbed “IOHIDeous”), they would reportedly either need local access to a victim’s Mac, or to have previously compromised a victim’s Mac.
IOHIDeous logo. Image credit: Siguza
Once the bug has been successfully exploited, an attacker would gain root privileges—full administrative control over the victim’s Mac.
Although the flaw itself is entirely different, it’s similar to last month’s “I Am Root” vulnerability in the sense that it could allow a local attacker to gain root privileges on a victim’s Mac.
Apple will likely release a new version of macOS High Sierra that fixes IOHIDeous within the coming weeks.
It remains to be seen whether macOS Sierra or El Capitan will also receive updates. Older versions of macOS (OS X) are not expected to receive any security updates.
In short, if your Mac is capable of running macOS High Sierra (here’s how to find out), now’s a good time to upgrade.
Apple released security updates for virtually every one of its products during the month of December:
See also our articles from earlier in December for further details on Apple’s security updates:
Apple Releases macOS 10.13.2 High Sierra, iOS 11.2 and More with Security Fixes
Apple Releases iOS 11.2.1, tvOS 11.2.1 and More with Security Fixes
On December 12, security researcher Amit Serper published a new report about OSX.Pirrit, dangerous Mac adware that has been around for a couple years and is still out there in the wild.
Serper reports that the latest version of OSX.Pirrit leverages AppleScript, a Mac scripting and automation technology. And, like previous versions of Pirrit, Serper says that the adware “[bombards] people with ads, it [spies] on them and runs under root privileges;” it has full control to do whatever it wants with a victim’s Mac.
I interviewed Serper about his research into OSX.Pirrit; you won’t want to miss the interview YouTube video in which we discuss Serper’s incredible adventures—including inadvertently discovering the exact names of the people who were behind the malware!
Even as that article was being written, there were rumors about flaws in the way Apple released its security updates for High Sierra. It turned out that, although Apple had only stated that it would patch 10.13.1, Apple had also patched version 10.13—and if a user had gotten the automatic patch on 10.13, under certain conditions after upgrading to 10.13.1 their Mac might become vulnerable again.
By now, especially since 10.13.2 has subsequently been released, the vast majority of Internet-connected Macs running macOS High Sierra should be protected against the “I Am Root” vulnerability.
If you haven’t yet upgraded your Mac to macOS High Sierra version 10.13.2, you’ll want to do so as soon as possible, as it also includes a fix for the serious Meltdown vulnerability.
There were other notable goings-on in the security world in December. Some highlights:
Be sure to subscribe to The Mac Security Blog to stay informed about Apple security throughout each month.
If you missed our previous Apple security news roundups for 2017, you can check them out here.
Also, be sure to subscribe to our YouTube channel to get monthly updates in video form, and click on YouTube’s bell icon (?) so you’ll get notified when each new episode is available!
“I am root”/Groot cartoon image credit: Johnathon Burns modified by Gaël