Recently patched security flaw bypassed OS X's new defenses

iOS and OS X El Capitan only got a fix this week -- older versions are still vulnerable.

Theoretically, the System Integrity Protection (SIP) introduced in OS X El Capitan makes it very hard to completely compromise a Mac. The feature prevents software from modifying protected files even if you have root access, which stops most software-based attacks from working. However, it's now clear that even this safeguard isn't airtight. SentinelOne's Pedro Vilaça has discovered a security flaw that -- combined with access gained via another method, like a phishing attack or browser vulnerability -- lets you run any code you like on a Mac, even with SIP in effect. The vulnerability takes advantage of a corruption bug in OS X to give a program full control over your system; since certain programs need full privileges for OS X to work (you couldn't update your system otherwise), the intruder just has to target the right file to hijack your computer.

It's more dangerous than some exploits, to boot. The technique is "extremely reliable," and won't give things away by crashing the computer. That's potentially useful for state-sponsored attacks where stealthiness is important.

The good news? If you're the type who updates software as soon as an upgrade is available, you're safe. SentinelOne let Apple know about the bug in January, so OS X 10.11.4 and iOS 9.3 (conveniently released this week) both contain patches for it. If you're on an older version of OS X, though, you are still potentially vulnerable. That said, the flaw remains a warning that SIP is merely another layer of defense, not a catch-all -- it still helps to be vigilant and prevent this rogue code from touching your device in the first place.