Microsoft Discovers MacOS Bug That Can bypass SIP

The Microsoft 365 Defender Research Team recently discovered a new macOS vulnerability nicknamed “Shrootless” and tracked it as CVE-2021-30892, a vulnerability that can misuse privilege inheritance in macOS ‘System Integrity Protection (SIP) thereby giving room for the execution of arbitrary code with root privileges.

Reportedly, the vulnerability has already been patched in the three supported versions of macOS (Monterey 12.0.1, Catalina with Security Updates 2021-007, and Big Sur 11.6.1) although there are indications that older versions of OS X running SIP including OS X 10.11 and later may still be vulnerable.

When examining how Shrootless works, the first thing to understand is how SIP works. SIP as we have it adds kernel-level that prevent certain files on the disk and certain processes in memory from being changed, even with root privileges.

The bug then takes advantage of the fact that the kernel can modify protected locations as needed, even if root privileges are no longer sufficient to modify important system files.

For more information, read the original story in Arstechnica.

Microsoft Discovers MacOS Bug That Can bypass SIP

Top Stories

GitHub Copilot to train on user data by default

Microsoft pulls Copilot Chat from core Office apps for enterprise customers

OpenAI pauses ChatGPT erotic mode “indefinitely”

Researcher Says “APT” Label No Longer Reflects the Threat Landscape

How do you select a graph database? – Part 1

OpenAI plans major hiring push as competition intensifies

Related Articles

GitHub Copilot to train on user data by default

US Supreme Court narrows ISP liability in major piracy ruling

Roblox safety measures face scrutiny despite new age verification rollout

Cursor’s Composer 2 launch sparks scrutiny over undisclosed model foundation

TND News Desk

TND News Desk

Jim Love

Follow Us

Popular categories

Tech News Delivered