A bug in macOS briefly allowed attackers to install what they wanted

AppleInsider is supported by its audience and can earn a commission as an Amazon Associate and associate partner for eligible purchases. These affiliate partnerships do not affect our editorial content.

Microsoft security researchers have now discovered a patched macOS vulnerability that allowed attackers to bypass Mac system integrity protection.

The vulnerability, called “Shrootless”, takes advantage of the fact that Apple-certified application installation packages can still perform activities that are otherwise prohibited by SiP. According to a blog post by Microsoft’s 365 Defender research team, this is because the kernel can still change protected locations on macOS.

Usually this type of attack is prevented by SiP, which was first introduced in maCOS 10.11 El Capitan. This feature adds kernel-level protection against modifying certain files within macOS, even if the application or user has root privileges.

However, as Microsoft notes, SiP must allow installation packages to temporarily bypass protection to install an application or other files. It does this by allowing packets to bypass SiP through the inheritance system.

The problem lies in the fact that installation packages can contain post-installation scripts that macOS runs with the default system shell. If an attacker modified these scripts, it would mean that they could be executed with inherited SiP bypass privileges.

Of course, the attack technique would depend on whether the user downloads and runs an unauthorized installation package. An attacker could trick a user into downloading a malicious installation package, or the user could simply inadvertently download it.

Once exploited, the vulnerability could theoretically allow an attacker to carry out other attacks through elevated permissions or to gain consistency on the system.

How to protect yourself

However, older versions of Apple’s operating systems are still vulnerable. Therefore, like other security updates contained in recent releases, it is recommended that users upgrade their computers.

Source link

Naveen Kumar

Friendly communicator. Music maven. Explorer. Pop culture trailblazer. Social media practitioner.

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button