Happy New Year, Apple. As 2017 drew to a close, a security researcher tweeted out a macOS security flaw that's apparently existed for at least 15 years. "Woah. One tiny, ugly bug. Fifteen years. Full system compromise," the researcher, who goes by Siguza, tweeted on Sunday.
Siguza did not warn Apple before tweeting, but claims the flaw can only be triggered when you have local access to the Mac.
People mad at me for dropping a 0day and making them vulnerable: what's your threat model?
If it's script kiddies, you're safe because it's just a LPE and nothing remote.
If it's people who can get remote code exec, what makes you think they don't have kernel r/w as well anyway?
— Siguza (@s1guza) January 1, 2018
"Some people seem to think I do this out of hate, but I actually do it out of love for craft of hacking," Siguza tweeted. "I'm not trying to shame or blame anyone — but if you have to blame someone, fine, put it on me. I can live with that."