Security News

Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. System Integrity Protection aka "Rootless" is a security feature introduced in OS X El Capitan that's designed to protect the macOS operating system by restricting a root user from executing unauthorized code or performing operations that may compromise system integrity.

An Apple software installation daemon called system installd allowed its child processes to bypass SIP's normal restrictions on filesystem access. Unleashed on world+dog with 2015's El Capitan release, MacOS SIP is intended to ensure that system-level files on a Mac can only be modified by Apple-signed installers or the fruity firm's own update mechanism - locking out even root users.

Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that's actively exploited by attackers. A security researcher who analyzed the patch created a POC that worked on iOS 15.0 and iOS 14.7.1, and said it would probably work on earlier versions of the OS. Two weeks later, the fix has finally been included in iOS and iPadOS 14.8.1, tvOS 15.1, and watchOS 8.1.

Attackers could use a new macOS vulnerability discovered by Microsoft to bypass System Integrity Protection and perform arbitrary operations, elevate privileges to root, and install rootkits on vulnerable devices. The Microsoft 365 Defender Research Team reported the vulnerability dubbed Shrootless to Apple by via the Microsoft Security Vulnerability Research.

Microsoft has announced the addition of new live macOS and Linux response capabilities to Defender for Endpoint, the enterprise version of Redmond's Windows 10 Defender antivirus. They are designed to help security operations teams to trigger response actions straight from the live response interface during incident investigations.

Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The malicious packages in question - named okhsa, klow, and klown - were published by the same developer and falsely claimed to be JavaScript-based user-agent string parsers designed to extract hardware specifics from the "User-Agent" HTTP header.

Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group's Pegasus surveillance tool to target iPhone users. Chief among them is CVE-2021-30869, a type confusion flaw that resides in the kernel component XNU developed by Apple that could cause a malicious application to execute arbitrary code with the highest privileges.

Apple's macOS Finder application is currently vulnerable to a remote code execution bug, despite an apparent attempt to fix the problem. A security advisory published Tuesday by the SSD Secure Disclosure program, on behalf of researcher Park Minchan, explains that macOS Finder - which provides a visual interface for interacting with files - is vulnerable to documents with the.

For those not in the Apple camp, the macOS Finder is the default file manager and GUI front-end used on all Macintosh operating systems. It's the first thing users see upon booting, and it governs the launching of other applications and the overall user management of files, disks and network volumes.

Apple has deprecated the insecure Transport Layer Security 1.0 and 1.1 protocols in recently launched iOS and macOS versions and plans to remove support in future releases altogether. The original TLS 1.0 specification and its TLS 1.1 successor have been used for almost 20 years.