Security News > 2021 > October > Apple fixes security feature bypass in macOS (CVE-2021-30892)

Apple fixes security feature bypass in macOS (CVE-2021-30892)
2021-10-29 11:42

Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that's actively exploited by attackers.

A security researcher who analyzed the patch created a POC that worked on iOS 15.0 and iOS 14.7.1, and said it would probably work on earlier versions of the OS. Two weeks later, the fix has finally been included in iOS and iPadOS 14.8.1, tvOS 15.1, and watchOS 8.1.

CVE-2021-30892 was unearthed and reported by Jonathan Bar Or, a security researcher with the Microsoft 365 Defender Research Team.

It is a vulnerability that may allow attackers to bypass the macOS System Integrity Protection feature by creating a specially crafted file that would hijack the installation process.

"SIP is a security technology in macOS that restricts a root user from performing operations that may compromise system integrity. While assessing macOS processes entitled to bypass SIP protections, we came across the daemon system installd, which has the powerful com.apple.rootless.install.inheritable entitlement. With this entitlement, any child process of system installd would be able to bypass SIP filesystem restrictions altogether," the team explained.

CVE-2021-30892 has been fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1, and Security Update 2021-007 for macOS Catalina.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/qvh_OwCv_wQ/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-30892 Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X
An inherited permissions issue was addressed with additional restrictions.
local
low complexity
apple CWE-732
5.5
2021-08-24 CVE-2021-30883 Out-of-bounds Write vulnerability in Apple products
A memory corruption issue was addressed with improved memory handling.
local
low complexity
apple CWE-787
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 129 583 4207 1605 2398 8793