I have been away for some time.
On the first day of my return I found the following vulnerability related to Apple.
It seems nasty… Although it cannot be exploited remotely, it might be used in phishing campaigns that trick the user into executing software that takes control of the computer.
This local privilege escalation flaw resides in IOHIDFamily, a macOS kernel extension designed for human interface devices (HID) such as a touchscreen or buttons. It allows an attacker to install a root shell or execute arbitrary code on the system.
More info:
Fuck it, dropping a macOS 0day. Happy New Year, everyone. https://t.co/oG2nOlUOjk
— Siguza (@s1guza) December 31, 2017
Exploit / Proof of concept
https://siguza.github.io/IOHIDeous/