OS X is a fairly robust system, but no tool is completely tamper-proof, and security researchers working for Sentinel One have detected a critical new flaw in SIP. If it were to fall into the hands of a malicious person, it would allow them to “easily” take control of any Mac.
Apple has significantly improved the security of its system over successive versions. The firm notably set up a quarantine system in 2008 with Leopard to prevent malicious programs from being opened automatically.
The firm followed up the next year with Snow Leopard, and more precisely with XProtect. The tool works much like anti-malware software and can disable infected applications.
OS X might be secure, but it's not completely tamper-proof
Lion, for its part, marked the arrival of a sandboxing system capable of isolating applications to prevent viruses from corrupting the system. Apple went even further with Mountain Lion by integrating Gatekeeper and implementing a certificate system for applications.
Thanks to this, the company can easily deactivate applications remotely and thus prevent infections from spreading.
SIP, for its part, protects the root account and thus prevents users from escalating their privileges to take control of the system and tamper with native applications or even device drivers.
The administrator is therefore not fully an administrator, which prevents viruses from using root privileges to corrupt OS X.
So far, it has worked pretty well, but Sentinel One security researchers stumbled upon a nasty flaw while performing some fairly extensive testing. They don't explain how to exploit it, but it evidently relies on a bug in memory management, and it allows malicious programs to execute arbitrary code to attack the system.
Not great news, then, but they took the initiative and reported the problem to Apple so its engineers could work on a fix.
A patch should therefore land very soon and it will probably be better to install it if you want your Mac.