Security News > 2021 > October > Apple fixes security feature bypass in macOS (CVE-2021-30892)
Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that's actively exploited by attackers.
A security researcher who analyzed the patch created a POC that worked on iOS 15.0 and iOS 14.7.1, and said it would probably work on earlier versions of the OS. Two weeks later, the fix has finally been included in iOS and iPadOS 14.8.1, tvOS 15.1, and watchOS 8.1.
CVE-2021-30892 was unearthed and reported by Jonathan Bar Or, a security researcher with the Microsoft 365 Defender Research Team.
It is a vulnerability that may allow attackers to bypass the macOS System Integrity Protection feature by creating a specially crafted file that would hijack the installation process.
"SIP is a security technology in macOS that restricts a root user from performing operations that may compromise system integrity. While assessing macOS processes entitled to bypass SIP protections, we came across the daemon system installd, which has the powerful com.apple.rootless.install.inheritable entitlement. With this entitlement, any child process of system installd would be able to bypass SIP filesystem restrictions altogether," the team explained.
CVE-2021-30892 has been fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1, and Security Update 2021-007 for macOS Catalina.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/qvh_OwCv_wQ/
Related news
- North Korean hackers create Flutter apps to bypass macOS security (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-24 | CVE-2021-30892 | Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X An inherited permissions issue was addressed with additional restrictions. | 5.5 |
2021-08-24 | CVE-2021-30883 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 7.8 |