10.11 Fixes 0-day?

newmac2013

macrumors newbie
Original poster
Jun 4, 2013
7
0
In reference to this thread "vulnerability of non-brand-new Macs (wake from sleep exploit)"

https://forums.macrumors.com/thread...and-new-macs-wake-from-sleep-exploit.1888852/

It looks like there is a 'bug' that allows EFI firmware to be overwritten when waking from sleep on Macs older than 2014. From a comment on Ars:

Drivers (if you mean kernel extensions) are executed in kernel space, not user space. And this exploit requires a Kernel Extension, DirectHW.kext, to be installed.
Just wanting to confirm that, with rootless in 10.11, this hole will be fixed.
 

Rekan_

macrumors member
Jun 11, 2015
69
36
London, UK
“It means that you can overwrite the contents of your BIOS from userland a rootkit EFI without any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access.”

This is something I found on a website talking of this exploit. It clearly mentions having root access, maybe if rootless is enabled, this could work. I'm not too sure though.
 

SlCKB0Y

macrumors 68040
Feb 25, 2012
3,140
205
Sydney, Australia
“It means that you can overwrite the contents of your BIOS from userland a rootkit EFI without any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access.”
Lol. "Without any other tricks".... except getting root access and the ability to install a kext. o_O
 

SlCKB0Y

macrumors 68040
Feb 25, 2012
3,140
205
Sydney, Australia
Rootless prevents editing system files.... so the problem should be fixed
Yep, I was just pointing out how crazy the wording is. Personally I'd be an awesome pianist if I had access to a piano, the required discipline and time to learn and the first clue about playing music. o_O
 