Microsoft documents “SHROOTLESS” hack patched in latest Apple updates

2021-10-29 18:38

Impact: A malicious application may be able to modify protected parts of the file system Description: An inherited permissions issue was addressed with additional restrictions CVE-2021-30892: Jonathan Bar Or of Microsoft.

As we now know, following an article published by Microsoft researchers after Apple's patches came out, there was a bit more to it that just "Modifying protected parts" of the file system.

There's a Catch-22 namely that SIP has to have a special, seamless way of allowing certain programs or processes to run with at least partial ueberoot powers, for example during a system security update, wher critical operating system files may need to be removed, modified or added.

As Microsoft researcher Jonathan Bar Or explains, Apple's approach to the need for occasional exceptions to the strict SIP lockdown rules involves a secure installation process called system installd.

The system installd daemon regulates the execution of privileged Apple.

On any Unix/Linux system, take the trouble to find out which system files can influence the behaviour of what system features.

News URL

https://nakedsecurity.sophos.com/2021/10/29/microsoft-documents-shrootless-hack-patched-in-latest-apple-updates/

#apple #hack #microsoft #CVE-2021-30892

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-24	CVE-2021-30892	Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X An inherited permissions issue was addressed with additional restrictions. local low complexity apple CWE-732	5.5

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		680	809	4503	4180	3706	13198
Apple		135	564	4101	1567	2438	8670

News URL

Related news

Related Vulnerability

Related vendor