Microsoft discovered a critical vulnerability on macOS
An attacker could exploit this Shrootless vulnerability to bypass Apple's System Integrity Protection (SIP) and perform arbitrary actions, elevating privileges to root and install rootkits. on the victim's devices.
After discovering the vulnerability, the Microsoft 365 Defender Research Team security research team reported it to Apple through the Microsoft Security Vulnerability Research (MSVR) program. The vulnerability has also been assigned the CVE code as CVE-2021-30892 for easy tracking.
SIP (also known as rootless) is a macOS security technology that helps prevent malware from tampering with protected folders and files. SIP works by restricting the root user account and limiting the actions it can perform on protected parts of the operating system.
By design, SIP only allows programs that have been certified by Apple or those with special permissions (Apple software updates and Apple installers) to interfere with, modify, protection of macOS.
Microsoft researchers discovered Shrootless after noticing that the system-installd daemon had the com.apple.rootless.install.inheritable permission that allowed any subprocess to bypass the limitations of the SIP system .
According to Microsoft experts, after bypassing SIP, an attacker can install rootkits on the machine, overwrite system files or install malicious code without being detected.
Apple released a patch for the Shrootless vulnerability on October 26. Microsoft experts highly appreciate Apple's professionalism and quickness in handling this security hole.
You should read it
- Detecting a serious security vulnerability on macOS, this 18-year-old youth refused to disclose it because Apple did not pay the bonus
- Mac computers stuck with a dangerous security vulnerability, Apple was announced in February but has not yet resolved
- Google announced a serious vulnerability in the macOS kernel
- Hackers can modify Safari on macOS to steal user data
- Users need to update their iOS and Mac devices right away to avoid security vulnerabilities
- Vulnerability on macOS helps hackers easily overcome security barriers
- Detecting vulnerabilities in iOS 12 and macOS caused device crash
- Microsoft issued a warning about macOS security errors, urging users to update the software immediately
- Apple expanded the size of the security bug detection program to receive bonuses, including macOS, a maximum bonus of $ 1 million
- Apple updated the password revealing patch from the Disk Utility function
- HP publishes a series of critical vulnerabilities in the Teradici PCoIP protocol
- Microsoft introduced a tool to fix security holes in IE 9 and 10
Maybe you are interested
Chinese display company asks Apple for forgiveness after spec cheating incident
Apple will introduce a major change on the M5 CPU launched in 2025
Apple is working on a smart doorbell system that can be unlocked with Face ID
How to Experience Apple Music on Windows PC
3 Apple Visual Intelligence Alternatives for Older iPhones
Stolen iPhone? Don't Delete It From Your Apple Account!