Leak allowed attacker to take over macOS system with USB drive
Japanese security firm Trend Micro has released details of a vulnerability patched by Apple in October. The leak made it possible to take over a vulnerable system with a malicious memory carrier, such as a USB drive or SD card.
According to the company, the vulnerability with attribute CVE-2017-13811 was present in the macOS component fsck_msdos. That is a tool that checks connected devices for errors if they are formatted in the FAT file system. Once such a peripheral is connected, the tool will run. The company found out that the vulnerability made it possible to execute code at the system level by using, for example, a malicious USB stick.
The vulnerable code is also present in other operating systems, including Android and BSD-based systems, according to Trend Micro. The company notified the various developers but received no response. Google said it won’t fix the vulnerability because the tool runs on Android “within a very limited SELinux domain.” This is a technique that allows you to manage what is allowed to run on a system and allows users to set access permissions based on mandatory access controls.
Trend Micro has not yet encountered the attack “in the wild.” Requiring a USB drive or other storage medium for the attack, physical access to a vulnerable device is required to execute it. Apple has since patched the leak, describing the consequences as “executing arbitrary code at the system level.”