SecureMac, Inc.

Little Snitch Linked with Privilege Escalation on Mac OS X El Capitan

August 2, 2016

The Little Snitch app is an application firewall that is great for monitoring and controlling how the apps on your Mac can connect to and use the internet. However, according to a recent report from Threatpost, the application might be vulnerable itself. Discovered by researcher and hacker Patrick Wardle, the vulnerability is a local escalation of privileges issue. If exploited, the issue could allow malware programs or local users to gain root privileges on a target computer.

Root privileges, of course, are dangerous for how much control they can give hackers or malicious software over a user’s machine. Wardle says that this particular vulnerability would allow hackers to “install a rootkit, keylogger, disable System Integrity Protection (SIP) and more.” Rootkits can allow external users to take control of a computer, keyloggers can steal passwords, banking information, and other sensitive personal data, and System Integrity Protection is the core of El Capitan’s defenses against other malware.

The good news is that Wardle has been talking about this vulnerability for several months now. Objective Development, the app developer behind Little Snitch, has already released a version of the app (3.6.2) that patches the vulnerability. If you use Little Snitch, you can avoid the threat of privilege escalation simply by updating the app to its latest version.

The bad news is that, at least from Wardle’s perspective, Objective Development has done a poor job of publicizing the importance of the 3.6.2 update. Rather than flag the update as a vital security fix, the company buried the escalation of privileges patch in an update that included five other fixes. Also, instead of noting that this particular update could save users from rootkits, keyloggers, malware attacks, and other dangers, the notes provided alongside the update simply said that it “fixed a rare issue that could cause a kernel panic.” That description of the fix certainly seems to downplay its importance, as Wardle suggested. His worry is that Little Snitch users might forgo update 3.6.2 because they don’t realize how essential it is.

Bottom line: if you use Little Snitch, update your app to the latest version. Escalation of privileges can be a dangerous vulnerability, and it’s one worth patching as soon as possible.
