------------------------------------------------------------------------
InsomniaX loader allows loading of arbitrary Kernel Extensions
------------------------------------------------------------------------
Yorick Koster, April 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was found that the loader application bundled with InsomniaX can be
used to load arbitrary Kernel Extensions (kext). The loader is normally
used to load a kext file that is needed to disable the Lid Sleep. A flaw
has been found in the loader that allows a local attacker to load (or
unload) any arbitrary kext file.

------------------------------------------------------------------------
See also
------------------------------------------------------------------------
- http://semaja2.net/2017/06/insomniax-security-notice/
- http://semaja2.net/2017/06/thank-you-and-farewell-for-now/

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on InsomniaX version 2.1.8.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
There is currently no fix available. The author of InsomniaX reports
that InsomniaX is no longer supported. As a workaround, remove the
setuid bit from the loader file. Doing so will prevent users from
disabling the Lid Sleep.

sudo chmod u-s /Applications/InsomniaX.app/Contents/Resources/loader

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20170405/insomniax-loader-allows-loading-of-arbitrary-kernel-extensions.html
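
The workaround from the Fix section as a check-and-apply script. This is an added example, not part of the original advisory or of InsomniaX. The loader path is the one given in the advisory; the helper names loader_state, find_setuid and strip_setuid are hypothetical, and find_setuid goes slightly beyond the advisory by listing every setuid file under a directory so the result can be confirmed before and after.

```shell
#!/bin/sh
# Added example: audit and apply the advisory's workaround.
# Default path is the one from the advisory; override LOADER to test elsewhere.
LOADER="${LOADER:-/Applications/InsomniaX.app/Contents/Resources/loader}"

# loader_state FILE: print "absent", "setuid" or "clean".
loader_state() {
    if [ ! -e "$1" ]; then
        echo absent
    elif [ -u "$1" ]; then      # -u is true when the setuid bit is set
        echo setuid
    else
        echo clean
    fi
}

# find_setuid DIR: list regular files under DIR that carry the setuid bit.
find_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# strip_setuid FILE: remove the setuid bit and confirm that it is gone.
# Succeeds without changes when the bit is not set or the file is absent.
strip_setuid() {
    [ "$(loader_state "$1")" = setuid ] || return 0
    chmod u-s "$1" || return 1
    [ "$(loader_state "$1")" = clean ]
}

# Command-line use: --check reports only, --apply needs root (run via sudo).
case "${1:-}" in
    --check)
        echo "loader: $(loader_state "$LOADER")"
        find_setuid "$(dirname "$LOADER")"
        ;;
    --apply)
        strip_setuid "$LOADER" && echo "loader: $(loader_state "$LOADER")"
        ;;
esac
```
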