Security News > 2021 > October > Microsoft documents “SHROOTLESS” hack patched in latest Apple updates
Impact: A malicious application may be able to modify protected parts of the file system Description: An inherited permissions issue was addressed with additional restrictions CVE-2021-30892: Jonathan Bar Or of Microsoft.
As we now know, following an article published by Microsoft researchers after Apple's patches came out, there was a bit more to it that just "Modifying protected parts" of the file system.
There's a Catch-22 namely that SIP has to have a special, seamless way of allowing certain programs or processes to run with at least partial ueberoot powers, for example during a system security update, wher critical operating system files may need to be removed, modified or added.
As Microsoft researcher Jonathan Bar Or explains, Apple's approach to the need for occasional exceptions to the strict SIP lockdown rules involves a secure installation process called system installd.
The system installd daemon regulates the execution of privileged Apple.
On any Unix/Linux system, take the trouble to find out which system files can influence the behaviour of what system features.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-24 | CVE-2021-30892 | Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X An inherited permissions issue was addressed with additional restrictions. | 5.5 |