1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft warns of nasty new macOS vulnerability with an excellen

    From TechnologyDaily@1337:1/100 to All on Fri Oct 29 15:00:04 2021
    Microsoft warns of nasty new macOS vulnerability with an excellent name

    Date:
    Fri, 29 Oct 2021 13:44:51 +0000

    Description:
    Microsoft researchers write a fully functional proof-of-concept to hijack the app installation process in macOS.

    FULL STORY ======================================================================

    Cybersecurity researchers at Microsoft have helped Apple patch a vulnerability that could allow attackers to bypass the System Integrity Protection (SIP) in macOS and perform arbitrary operations.

    The Microsoft 365 Defender research team also discovered that a similar technique could allow attackers to elevate their privileges to root an affected device.

    SIP is a security technology in macOS that restricts a root user from performing operations that may compromise system integrity. We discovered the vulnerability while assessing processes entitled to bypass SIP protections, notes Jonathan Bar Or , Senior security researcher at Microsoft. TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window <<

    The vulnerability, named shrootless and tracked as CVE-2021-30892 was
    reported to Apple who pushed a patch for it in the security updates released earlier this week, on October 26, 2021. Go shrootless

    Explaining the vulnerability, Bar Or says that SIP, also known as rootless, was first introduced in macOS Yosemite as a mechanism to lock down the system from root by leveraging the Apple sandbox to protect the entire platform.

    In other words, SIP essentially restricts a root user from performing operations that could compromise a systems integrity.

    However, the researchers found that the vulnerability lies in how
    Apple-signed packages with post-install scripts are installed. Bar Or notes that the vulnerability could be exploited to create a specially crafted file that hijacks the installation process, in order to bypass SIPs restrictions.

    Once thats done, the attacker could then overwrite system files, or install rootkits and malware . Bar Or said the researchers demonstrated the vulnerability by developing a fully functional proof-of-concept (PoC)
    exploit.

    Security technology like SIP in macOS devices serves both as the devices built-in baseline protection and the last line of defense against malware and other cybersecurity threats. Unfortunately, malicious actors continue to find innovative ways of breaching these barriers for these very same reasons.Our research on the CVE-2021-30892 vulnerability exemplifies this, Bar Or concludes, building a case for businesses to switch to solutions like Microsoft Defender for Endpoint.



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-warns-of-nasty-new-macos-vulnerabilit y-with-an-excellent-name/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)