InsomniaX loader allows loading of arbitrary Kernel Extensions

------------------------------------------------------------------------
InsomniaX loader allows loading of arbitrary Kernel Extensions
------------------------------------------------------------------------
Yorick Koster, April 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was found that the loader application bundled with InsomniaX can be
used to load arbitrary Kernel Extensions (kext). The loader is normally
used to load a kext file that is needed to disable the Lid Sleep. A flaw
has been found in the loader that allows a local attacker to load (or
unload) any arbitrary kext file.

------------------------------------------------------------------------
See also
------------------------------------------------------------------------
- http://semaja2.net/2017/06/insomniax-security-notice/
- http://semaja2.net/2017/06/thank-you-and-farewell-for-now/

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on InsomniaX version 2.1.8.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
There is currently no fix available. The author of InsomniaX reports
that InsomniaX is no longer supported. As a workaround, remove the
setuid bit from the loader file. Doing so will prevent users from
disabling the Lid Sleep.

sudo chmod u-s /Applications/InsomniaX.app/Contents/Resources/loader

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20170405/insomniax-loader-allows-loading-of-arbitrary-kernel-extensions.html