Security company SentinelOne has recently discovered the latest flaw in Apple’s OS X operating system, which bypasses the SIP (System Integrity Protection) protocols the company has in place to prevent local privilege escalation. SentinelOne describes this non-memory-corruption flaw as stable, extremely reliable, and logic based. It does not crash the machine or process that it takes over, which would give the device’s owner a clue that something was amiss. In short, then, this zero-day vulnerability is less likely to be used by your run-of-the-mill hacker than by nations sponsoring highly targeted stealth attacks against other nations.
By their nature, zero-day flaws are extremely difficult to discover, simply because the engineers who designed and built the devices in question aren’t looking for them. For the same reason, these kinds of flaws are virtually impossible for antivirus software to detect, because the software works by looking for symptoms or virus signatures it can match against its database of known threats.
In any case, Apple has so far had a stellar track record when it comes to patching vulnerabilities in its systems, in many cases releasing a patch just 48-72 hours after a flaw is discovered. It’s possible, then, that by the time you read these words, Apple will already have released a fix, or at least given a firm date for one. At this point in time, however, it has not.