Apple computers were exploitable via USB

Posted on Thursday, November 23 2017 @ 12:51 CET by Thomas De Maesschalck

Security firm Trend Micro reveals Apple patched a FAT/USB vulnerability in October that enabled hackers to take over macOS based systems. With exception of high-value targets, the risk here was probably low as exploitation of the bug required physical access.

The flaw was found in the fsck_msdos system tool, which automatically checks FAT devices like USB flash drives and SD memory cards for FAT filesystem formatting errors:

The vulnerability allows arbitrary code to be executed with system-level privileges, which potentially lets a malicious device (such as the mentioned flash disks or SD cards) take over the entire system when the said device is inserted into the vulnerable system. We do not believe that this attack has been used in the wild. We strongly recommend that users update their software to address this flaw, as well as the others that were part of this update cycle.

Trend Micro reports the same tool is also used by other BSD-based operating systems, including Android. However, Google claims Android is not vulnerable to this attack because it runs fsck_msdos under a very restricted SELinux domain.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments

Share this story!