Apple Fixes 20 Year Old Flaw

Apple has finally fixed its 20-year-old vulnerability that existed in its operating systems. The vulnerability was discovered twenty years ago by Joshua Hill, security researcher and chief risk officer (CRO) at Guardian while using MacOS 9. Apple has patched this flaw last April.

It is to be noted that this vulnerability could allow an attacker to obtain remote access to any Mac and have complete control over the system.

An article on WIRED tells that an exploit developed by Hill can be used on certain generations of macOS (until macOS Sierra).

The exploit revolves around CCLEngine, which is used to establish data links between computers. Hill found out that authentication mechanism in CCLEngine could be remotely bypassed and can be used to establish a remote connection between computers.

Following this, a communication socket can be accessed which can be exploited to execute remote code.

The reason for this flaw is believed to be due to shoddy code. The researcher presented this bug at the Objective by the Sea conference that was held on Sunday.