Security researchers at SentinelOne have discovered a vulnerability that creates a means for hackers to circumvent Apple’s newest protection feature, System Integrity Protection (SIP).
SIP in OS X is designed to help prevent potentially malicious software from modifying protected files and folders on your Mac. In OS X, the “root” user account previously had no permission restrictions and could access any system folder or application on your Mac.
Software gained root-level access when you entered your administrator name and password to install it and could then modify or overwrite any system file or application. SIP restricts the root account and limits the actions that the root user can perform on protected parts of OS X.
The researchers at SentinelOne says the vulnerability they discovered is a non-memory corruption bug that exists in every version of OS X and allows users to execute arbitrary code on any binary. It can bypass a key security feature of the latest version of OS X, El Capitan, the System Integrity Protection (SIP) without kernel exploits. Sentinel One says they’re reported this to Apple and that patches will be available “soon.”