Security News > 2021 > October > Microsoft documents “SHROOTLESS” hack patched in latest Apple updates

Microsoft documents “SHROOTLESS” hack patched in latest Apple updates
2021-10-29 18:38

Impact: A malicious application may be able to modify protected parts of the file system Description: An inherited permissions issue was addressed with additional restrictions CVE-2021-30892: Jonathan Bar Or of Microsoft.

As we now know, following an article published by Microsoft researchers after Apple's patches came out, there was a bit more to it that just "Modifying protected parts" of the file system.

There's a Catch-22 namely that SIP has to have a special, seamless way of allowing certain programs or processes to run with at least partial ueberoot powers, for example during a system security update, wher critical operating system files may need to be removed, modified or added.

As Microsoft researcher Jonathan Bar Or explains, Apple's approach to the need for occasional exceptions to the strict SIP lockdown rules involves a secure installation process called system ­installd.

The system installd daemon regulates the execution of privileged Apple.

On any Unix/Linux system, take the trouble to find out which system files can influence the behaviour of what system features.


News URL

https://nakedsecurity.sophos.com/2021/10/29/microsoft-documents-shrootless-hack-patched-in-latest-apple-updates/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-30892 Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X
An inherited permissions issue was addressed with additional restrictions.
local
low complexity
apple CWE-732
5.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399
Apple 72 238 1567 2279 265 4349