At the Black Hat USA cybersecurity and DEF CON hacker conferences in Las Vegas last week, a lot of exciting developments and updates in cybersecurity were announced. Security researchers demonstrated that they could jailbreak John Deere tractors and hijack decommissioned satellites, while major tech companies found new ways for existing security tools to work together.

One story highlighted a flaw in a major operating system’s software: In 2020, Dutch researcher Thijs Alkemade found a vulnerability that broke every layer of security in macOS. It’s since been patched, but older applications running on macOS may still be vulnerable. This research is particularly interesting considering Apple’s recent release of a security update to fix a flaw that could allow hackers to take complete control of devices.

Alkemade’s discovery was a vulnerability in macOS’s “saved state” feature. When you shut down your Mac, you have the option to check a box that will automatically reopen all your apps and windows when you turn it back on. This creates a saved system state on your hard drive that the operating system reloads your applications from. (It’s also used as part of “App Nap”, where apps that aren’t actively being used are suspended to free up system resources.)

By repeatedly using a technique called “process injection” against the saved state feature, Alkemade was able to evade all the system protections macOS has and take over a vulnerable Mac, reading any file on disk, installing other malware, and even activating the webcam without the user knowing. This includes macOS’s “App Sandbox”, which is designed to limit malicious code to a single application and stop hackers from being able to use a single vulnerability (like this one) to take over the whole system.

Process injection works by tricking the operating system into running malicious code by disguising it as part of another process that is allowed to run. In general, this means inserting malicious code into apps and system tools that have a lot of permission to access the most secure corners of the operating system. While this is a common mode of attack, few are as widespread or dangerous as this one.

In this case, Alkemade was able to create a malicious “serialized object”—a kind of commonly used data structure in macOS that can be converted into a stream of raw bytes and back again (this is usually done to get the data ready for storage or sharing). He then saved it in the macOS file system so that it would be loaded by the saved state feature if the targeted app was running when the user initiated a system shutdown. (The specifics of all this are covered in depth in Alkemade’s blog post detailing the exploit.)
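The difference between decoding a keyed archive with and without secure coding, written in Swift as an added example (not Apple’s saved-state implementation and not code from Alkemade’s post); WindowState is a constructed stand-in for an app’s restorable state:

```swift
import Foundation

// Constructed stand-in for a piece of restorable app state (not Apple's real saved-state types).
final class WindowState: NSObject, NSSecureCoding {
    static var supportsSecureCoding: Bool { true }
    let title: String
    let scrollOffset: Double

    init(title: String, scrollOffset: Double) {
        self.title = title
        self.scrollOffset = scrollOffset
    }

    // Secure coding: every nested object is decoded against an explicit expected class.
    required init?(coder: NSCoder) {
        guard let title = coder.decodeObject(of: NSString.self, forKey: "title") else { return nil }
        self.title = title as String
        self.scrollOffset = coder.decodeDouble(forKey: "scrollOffset")
    }

    func encode(with coder: NSCoder) {
        coder.encode(title, forKey: "title")
        coder.encode(scrollOffset, forKey: "scrollOffset")
    }
}

// Produce the keyed archive that would be written to disk as saved state.
func archive(_ state: WindowState) throws -> Data {
    try NSKeyedArchiver.archivedData(withRootObject: state, requiringSecureCoding: true)
}

// Weak pattern: with secure coding switched off, the class names inside the archive decide
// what gets instantiated, so a file an attacker can write selects the classes that run.
func restoreWithoutSecureCoding(_ data: Data) throws -> Any? {
    let unarchiver = try NSKeyedUnarchiver(forReadingFrom: data)
    unarchiver.requiresSecureCoding = false
    defer { unarchiver.finishDecoding() }
    return unarchiver.decodeObject(forKey: NSKeyedArchiveRootObjectKey)
}

// Hardened pattern: only WindowState (and the classes its initializer asks for) may be
// instantiated; an archive naming any other root class fails to decode instead of running.
func restoreWithSecureCoding(_ data: Data) throws -> WindowState? {
    try NSKeyedUnarchiver.unarchivedObject(ofClass: WindowState.self, from: data)
}

let data = try archive(WindowState(title: "Untitled", scrollOffset: 120))
let restored = try restoreWithSecureCoding(data)
print(restored?.title ?? "decode failed")
```

Restricting the allowed classes only protects the app that does the decoding, which is why, as the article notes, older application builds stay exposed.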


To evade the App Sandbox, Alkemade abused macOS’s Open and Save panel. It’s one of the few processes that can run inside a sandboxed app while still seeing files the app wouldn’t otherwise have access to. The panel’s permissions enabled Alkemade to run his malicious code outside of the App Sandbox and then, by piggybacking on the permissions of the macOS Public Beta Access Utility, to gain root access (basically, administrator-level permissions) to the system.

The final layer of macOS security Alkemade had to bypass is called “System Integrity Protection”, or SIP. It’s explicitly designed to prevent a malicious actor with root access from taking over your system, controlling your webcam, or accessing certain protected files. He was able to get around it by using the process injection attack on macOS Update Assistant, which has permission to read and write data in all SIP-protected locations.

With that done, Alkemade had near total control over the Mac. He was in a position where he could install any malicious tools—like keyloggers and other spyware—or steal any data on the system. And all using the one vulnerability in macOS. Alkemade informed Apple in 2020 and received a payout through the Apple Security Bounty program. Two updates patching various aspects of the vulnerability were released, in April and October 2021. And while there has so far been no evidence of it being used in the wild, because of the nature of the attack, older applications (or updated applications that can be maliciously downgraded) will remain vulnerable for the foreseeable future.