10.11 Fixes 0-day?

[newmac2013]

In reference to this thread "vulnerability of non-brand-new Macs (wake from sleep exploit)"

https://forums.macrumors.com/thread...and-new-macs-wake-from-sleep-exploit.1888852/

It looks like there is a 'bug' that allows EFI firmware to be overwritten when waking from sleep on macs older than 2014. From a comment on Ars:

Drivers (if you mean kernel extensions) are executed in kernel space, not user space. And this exploit requires a Kernel Extension, DirectHW.kext, to be installed.
​

Just wanting to confirm, that with rootless in 10.11 that this hole will be fixed.

 

[Rekan_]

“It means that you can overwrite the contents of your BIOS from userland a rootkit EFI without any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access.

This is something I found on a website talking of this exploit. It clearly mentions having root access, maybe if rootless is enabled, this could work. I'm not to sure though.

 

[SlCKB0Y]

“It means that you can overwrite the contents of your BIOS from userland a rootkit EFI without any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access."

Lol. "Without any other tricks".... except getting root access and the ability to install a kext.

 

[newmac2013]

Lol. "Without any other tricks".... except getting root access and the ability to install a kext.

Rootless prevents editing system files.... so the problem should be fixed

 

[SlCKB0Y]

Rootless prevents editing system files.... so the problem should be fixed

Yep, i was just pointing out how crazy the wording is. Personally i'd be an awesome pianist if I had access to a piano, the required discipline and time to learn and the first clue about playing music.

 

[Populus]

Ok, so it's solved on El Capitan.

By the way, @newmac2013, your avatar is the new spinning ball icon on 10.11? I like it!