![]() One of the kernel’s interfaces Wardle found had a heap overflow vulnerability. Next, he spoofed the Little Snitch client and figured out how to authenticate to the kernel and send code instructions (or messages) to the kernel. He said he was able to reverse engineer the way Little Snitch’s user-mode firewall configuration settings “talked” to the kernel. Wardle said the Little Snitch bug is tied to the software’s driver that runs at the kernel level. Here, they could install a rootkit, keylogger, disable System Integrity Protection (SIP) and more,” Wardle said. ![]() “Exploiting this vulnerability would afford an unauthorized (local) user that ability to get arbitrary code executing in the context of the kernel (ring-0). Next month, at DEF CON, Wardle will publicly discuss the vulnerability for the first time and describe two additional Little Snitch vulnerabilities that have been previously disclosed. However, Wardle points out, because older versions of the Little Snitch software are vulnerable to this type of attack, it’s possible that attackers could install older versions of the firewall software (or just load an older version of the Little Snitch driver) on a target’s computer in order to exploit the vulnerability. Users can fix the problem simply by updating to the latest version. “This is a serious flaw and an important software update that Little Snitch users could have easily missed,” Wardle told Threatpost. The following month, Little Snitch’s developer Objective Development released the (3.6.2) version of the firewall that fixed the problem. In January, Wardle discovered that the firewall software contained a local escalation of privileges (EoP) vulnerability that any local user (or malware) could exploit. Wardle did not test versions of Little Snitch released prior to 3.x. Affected are 3.x versions of the Little Snitch firewall software released prior to build 3.6.2 running on El Capitan. The Little Snitch firewall vulnerability was found by Synack Director of Research and well-known OS X hacker Patrick Wardle. Trusted Mac OS X firewall Little Snitch is vulnerable to local privilege escalation attacks that could give criminals the ability plant rootkits and keyloggers on some El Capitan systems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |