Nov 2, 2021

New vulnerability in MacOS allows cyber criminals to hack Macbook Pros via rootkits

In a security report, Microsoft detailed a critical vulnerability in macOS whose successful exploitation would allow threat actors to bypass the System Integrity Protection (SIP) mechanism and carry out follow-on attacks such as privilege escalation and rootkit installation. SIP, also known as Rootless, is a macOS security feature that prevents even the root user from performing operations that could compromise the integrity of the system.
SIP allows only Apple-signed processes to modify the protected sections of the file system. According to the report, threat actors could create a specially crafted file in order to hijack the legitimate installation process.
Microsoft found a vulnerability (CVE-2021-30892) that could allow an attacker to bypass System Integrity Protection (SIP) in macOS. We shared our findings with Apple via coordinated vulnerability disclosure, and a fix was released October 26. Get details: https://t.co/FDZc5pOQX1
Microsoft notes that, while assessing macOS processes, its researchers identified the daemon system_installd, which holds the com.apple.rootless.install.inheritable entitlement. Because that entitlement is inheritable, any process spawned by system_installd could evade the SIP file system restrictions.
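The process-tree relationship described above is also the signal a defender can hunt for. The following is an added example, not code from the article or from Microsoft's report: a small detection routine, run over a constructed process and file-event log, that flags writes to SIP-protected paths made by descendants of system_installd. The protected prefixes, the event format and all pids, names and paths are assumptions for illustration.

```python
from dataclasses import dataclass

# Assumed SIP-protected prefixes (Apple's rootless.conf is authoritative);
# /usr/local is deliberately outside SIP, so it is allow-listed.
SIP_PROTECTED = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")
SIP_EXCEPTIONS = ("/usr/local/",)
@dataclass(frozen=True)
class Event:
    pid: int
    ppid: int
    name: str
    kind: str       # "exec" (process start) or "write" (file modification)
    path: str = ""  # only set for "write" events

def is_sip_protected(path: str) -> bool:
    """True if path lies under a SIP-protected prefix and not under an exception."""
    return path.startswith(SIP_PROTECTED) and not path.startswith(SIP_EXCEPTIONS)

def descends_from(pid: int, parents: dict, names: dict, ancestor: str) -> bool:
    """Walk the parent chain from pid; True if some ancestor is named `ancestor`."""
    seen = set()
    while pid in parents and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
        if names.get(pid) == ancestor:
            return True
    return False

def find_inherited_sip_writes(events, ancestor="system_installd"):
    """(pid, name, path) for writes to SIP-protected paths by descendants of
    `ancestor`. Apple's own post-install scripts legitimately do this through
    the inherited entitlement, so hits are triage signals, not verdicts."""
    execs = [e for e in events if e.kind == "exec"]
    parents = {e.pid: e.ppid for e in execs}
    names = {e.pid: e.name for e in execs}
    return [(e.pid, e.name, e.path) for e in events
            if e.kind == "write" and is_sip_protected(e.path)
            and descends_from(e.pid, parents, names, ancestor)]

# Constructed sample events; pids, names and paths are illustrative only.
SAMPLE = [
    Event(1, 0, "launchd", "exec"),
    Event(200, 1, "system_installd", "exec"),
    Event(300, 200, "sh", "exec"),  # shell running a package's post-install script
    Event(300, 200, "sh", "write", "/System/Library/Extensions/example.kext/Info.plist"),
    Event(301, 300, "cp", "exec"),
    Event(301, 300, "cp", "write", "/usr/local/bin/tool"),  # SIP exception: not flagged
    Event(400, 1, "Terminal", "exec"),
    Event(400, 1, "Terminal", "write", "/usr/bin/ls"),      # not under system_installd
]
```

Correlating each hit with the origin and signature of the package being installed is what separates an Apple update's legitimate post-install script from a hijacked one.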
The vulnerability, dubbed Shrootless, was exploited in a controlled test environment by Microsoft researchers, who managed to override the kernel extension exclusion list. Below are the steps that make up the proof of concept (PoC):
Apple announced the fix for the flaw in its latest security update for macOS, crediting Microsoft with the bug report: “A malicious application can modify protected parts of the file system,” the company acknowledges.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He has also worked for security companies such as Kaspersky Lab. His everyday job includes researching new malware and cyber security incidents. He also has deep knowledge of mobile security and mobile vulnerabilities.
