this post was submitted on 06 Aug 2023
98 points (92.2% liked)
Linux
48333 readers
617 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Here's one example of a privilege escalation
https://security.berkeley.edu/news/macos-ipados-and-ios-local-privilege-escalation-vulnerability-cve-2021-30807
And here's a little more detail about it, complete with links:
https://www.offsec.com/offsec/macos-preferences-priv-escalation/
This is probably also a zero day because Apple acknowledged that it was in use in the wild at the time (first link).
Not all. HVNC, for example, doesn't require anything by the user and with clever use, an attacker could get just add much value from it as with a privilege escalation bug.
Also XCSSET Updated used a zero day in Safari.
These attacks are still a lot less common vs Windows because the attack surface is much smaller, but it's foolhardy to think macOS is immune in some way.
Rarely do attacks use just one strategy, usually they bundle malware with a zero day of some sort. Since macOS has a small user base, look less at the impact and more at the capabilities. All types of malware exist for macOS, so if it gets much larger adoption, we'll see more effort in packaging them together.
Sure, anti-virus won't prevent the zero day from being exploited, but it can prevent any malware packaged with it from executing/causing damage. The same goes for other strategies, like sandboxing, access control, etc, the more layers you have, the less likely an attack is to be successful.
On the other side, the less valuable your platform is to exploit, the less attention it'll have from malware authors. Most malware is looking to make a quick buck, and getting grandma to call a fake support line to fix a manufactured problem is the lion's share of malware. Some attempt to create a botnet (i.e. worms and Trojans), and others try to steal banking and other credentials (so cookie scraping, no need for privilege escalation, just code execution).
I'm just pointing out that zero days and privilege escalation has existed to show that macOS isn't immune. I'm sure there are plenty more, they just probably aren't used as much because the potential benefit isn't large enough yet. Why risk revealing your zero day when the profit potential is low? Sometimes it's more valuable to wait and sell to a more sophisticated attacker who will go after higher value targets like sitting politicians than to sell it on the open market to a scammer who goes after grandma.
The same goes for Linux. Zero day privilege escalation attacks certainly exist, if you follow the CVEs, you can see some of them getting discovered before they're explored. As the market expands, we'll see more exploits actually being used, which means there are probably even more that potential attackers are sitting on.