Critical macOS Vulnerability Found by Microsoft Researchers


Microsoft security researchers have discovered a vulnerability in Apple’s macOS operating system. The vulnerability is known as Shrootless and may have been actively exploited. Apple has reacted and closed the vulnerability with an update.

As Bleeping Computer writes, the Shrootless vulnerability is also known as CVE-2021-30892. macOS has a security mechanism that prevents applications from accessing certain folders and processes. Even with root privileges, access to some files and processes is denied. This is why the mechanism is called “System Integrity Protection” (SIP) or “Rootless”.

The concept could be circumvented

Normally, only processes signed by Apple can access the protected areas. However, the security researchers found that it is possible to bypass this protection. The “system_installd” service has the authority to create child processes, and those child processes are then also able to ignore the restrictions imposed by SIP.

An attacker can prepare a compromised file that takes over the installation process. Once SIP has been bypassed, attackers can install a rootkit, overwrite system files or hide malware on the computer.
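Because child processes of system_installd are able to ignore the SIP restrictions, a defender may want to review what that service has spawned. The following is an added example, not code from Microsoft, Apple or the original article: it parses a process listing with the columns pid, ppid and command (the sample listing, its PIDs and the system_installd path are constructed) and returns every descendant of system_installd.

```python
import os
from collections import defaultdict

# Constructed sample listing with the columns pid, ppid, command.
# PIDs and paths are invented for illustration only.
SAMPLE_PS = """\
  PID  PPID COMM
    1     0 /sbin/launchd
  310     1 /usr/sbin/syslogd
  845     1 /example/path/system_installd
  902   845 /bin/sh
  903   902 /usr/bin/touch
  950     1 /bin/sh
  951   950 /usr/bin/vim
"""


def parse_ps(text):
    """Return (pid, ppid, command) tuples; header and malformed lines are skipped."""
    procs = []
    for line in text.splitlines():
        parts = line.split(None, 2)  # the command itself may contain spaces
        if len(parts) == 3 and parts[0].isdigit() and parts[1].isdigit():
            procs.append((int(parts[0]), int(parts[1]), parts[2].strip()))
    return procs


def descendants_of(procs, name="system_installd"):
    """Return (pid, command, depth) for every descendant of processes named `name`."""
    children = defaultdict(list)
    for pid, ppid, comm in procs:
        children[ppid].append((pid, comm))
    roots = [pid for pid, _, comm in procs if os.path.basename(comm) == name]
    found, seen = [], set(roots)
    stack = [(root, 0) for root in roots]
    while stack:
        parent, depth = stack.pop()
        for pid, comm in children[parent]:
            if pid not in seen:  # guards against loops in inconsistent snapshots
                seen.add(pid)
                found.append((pid, comm, depth + 1))
                stack.append((pid, depth + 1))
    return sorted(found)


if __name__ == "__main__":
    for pid, comm, depth in descendants_of(parse_ps(SAMPLE_PS)):
        print(f"pid={pid} depth={depth} {comm}")
```

Descendants of system_installd are expected during legitimate package installs, so the output is a list to review, not a verdict.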

Apple promptly fixed the problem

Apple released security updates two days ago and resolved the issue. The bug has been fixed by introducing additional restrictions. Users should definitely install the patch. However, it remains unclear whether Shrootless was exploited.