A serious flaw in OpenSSH servers, dubbed “regreSSHion,” affects macOS systems and could allow a remote attacker to execute arbitrary code.
A few weeks ago, Qualys’ threat research unit discovered this vulnerability, which has been identified as regreSSHion and tracked as CVE-2024-6387.
It was found that on glibc-based Linux systems, the vulnerability—a signal handler race condition in OpenSSH’s server, sshd—allows unauthenticated remote code execution (RCE) as root.
Today, Apple acknowledged that this significant vulnerability also impacts macOS systems.
How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide
Overview Of The Vulnerability
With a CVSS base score of 8.1, this high severity vulnerability in sshd was discovered in Portable OpenSSH versions 8.5p1 to 9.7p1.
Researchers say, in its default configuration, sshd is impacted by this race condition.
The cybersecurity company claimed to have found at least 14 million potentially dangerous OpenSSH server instances over the internet.
It further stated that the issue is a recurrence of an 18-year-old vulnerability, tracked as CVE-2006-5051, fixed and reintroduced in OpenSSH version 8.5p1 in October 2020.
“Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept”, OpenSSH said in its advisory.
Successful exploitation of the vulnerability leads to a complete system compromise and takeover, allowing threat actors to execute arbitrary code.
Apple announced today that this serious issue also affects impacted systems and recommended users patch it right away.
Impacted Systems
It is recommended that all affected systems be updated to the most recent versions of macOS Monterey 12.7.6, macOS Ventura 13.6.8, and macOS Sonoma 14.6.
Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access
![Pinterest](https://pinterest.com/pin/create/button/?url=https://gbhackers.com/openssh-regresshion-macos-patch/&media=https://i1.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcEAVBvC-Ue9cBzUeOytBlxrAodcxJZilnqRfYd-NJQP-95VaUum82gEzIpO6sTl_kZ4z-gFGLw7s62GE5MBnahJB2QwSJN1SZelkZ6t5pp0HkQQHgKwt99pO8sE4sQGtyiPK8-4ZH9gpY6FELKb8Jbnq_VyOasnYam1_ngMX8rIKzil5G0hTgRzTO5iK4/s16000/macOS%20-%20regreSSHion.webp?w=1200&resize=1200,0&ssl=1&description=A serious flaw in OpenSSH servers dubbed "regreSSHion" affects the macOS systems that might potentially allow a remote attacker to execute){kind=link}