Apple opened source code of iOS and macOS

Creators of iPhone and Mac opened the source code of iOS and macOS
02 October 2017   891

Totally unexpectedly, Apple opened the source code for the XNU kernel, known as "XNU is Not Unix" and which is used in iOS and macOS operating systems. Now everyone can download all necessary files from GitHub. This is an unprecedented case, as the Apple ecosystem was previously closed, and the company kept the OS running completely under its control.

What is XNU?

XNU, which is an abbreviation of 'XNU is Not Unix', is a Unix-like kernel used in macOS, including all the previous versions of the OS, when it was known as OS X, as well as iOS.

Developers benefits

Access to the source code of the kernel will allow developers to better understand how iOS and macOS are arranged and how the software works with the kernel of the system. In addition, experts will be able to use the data in their own projects, but Apple has carefully prepared a number of restrictions.

MacOS High Sierra Can be Hacked Thru Wi-Fi

Corporation eliminated it with the release of macOS 10.13.6 in July 2018, but unupdated computers are still vulnerable
13 August 2018   624

The chief security officer at Fleetsmith Jesse Endahl and the Dropbox engineer Max Belanger found a way to compromise Apple's computers with MacOS High Sierra to version 10.13.6 when the device connects to Wi-Fi for a first time. Attackers can hack the device before the first start of the system. This is is reported by Digital Trends.

We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time. By the time they’re logging in, by the time they see the desktop, the computer is already compromised.
 

Jesse Endahl

CSO, Fleetsmith

According to experts, the errors are in the tools for the remote access called Device Enrolment Program (DEP) and Mobile Device Management (MDM). When you connect to Wi-Fi for the first time, the laptop connects to Apple's servers and, if its serial number coincides with the company's identifiers, it starts downloading corporate programs from the list in the manifest file. MDM does not require a certificate of authenticity, so hackers can replace the original file with an arbitrary file with its own list of software.

The researchers told Apple about the vulnerability, and the corporation eliminated it with the release of macOS 10.13.6 in July 2018. Computers with older versions of the OS remain vulnerable.

In November 2017, experts discovered a vulnerability in the macOS High Sierra, which allowed root privileges to be received in a couple of clicks. Then the corporation released a bug fix the very next day.