Security News

Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security
2021-12-24 05:07

Apple recently fixed a security vulnerability in the macOS operating system that could potentially be exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday.

Apple fixes macOS security flaw behind Gatekeeper bypass
2021-12-23 22:09

Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems. Apple has addressed this vulnerability in macOS 11.6 through a security update released in September 2021 that adds improved checks.

Zoom finally adds automatic updates to Windows, macOS clients
2021-11-29 15:45

Zoom has announced today the launch of an automatic update feature designed to streamline the update process for desktop clients. "For most individual users, automatic updates will be enabled by default. When enabled, users will have the opportunity to opt-out of automatic updates for their desktop client after the first install or first update where this feature is present," said Jeromie Clark, Security & Privacy Technical Product Manager at Zoom.

Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant
2021-11-14 20:47

Google researchers on Thursday disclosed that they found a watering hole attack in late August exploiting a now-patched zero-day in the macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code," Google Threat Analysis Group researcher Erye Hernandez said in a report.

MacOS Zero-Day Used against Hong-Kong Activists
2021-11-12 15:07

Google researchers discovered a macOS zero-day exploit being used against Hong Kong activists. Google's researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers.

Apple macOS Flaw Allows Kernel-Level Compromise
2021-11-02 15:50

The problem, dubbed "Shrootless," is associated with a security technology called System Integrity Protection (SIP) found in macOS. Jonathan Bar Or from the Microsoft 365 Defender Research Team explained in a blog post that SIP restricts a user at the root level of the OS from performing operations that may compromise system integrity. "A malicious actor could create a specially crafted file that would hijack the installation process. After bypassing SIP's restrictions, the attacker could then install a malicious kernel driver, overwrite system files, or install persistent, undetectable malware, among others."

macOS Monterey update causes some Macs to become unbootable
2021-11-02 14:50

A growing number of Mac and MacBook owners report that their devices become unbootable after attempting to update to the latest version of macOS, codenamed 'Monterey'. Since macOS Monterey was released, social media has been filling up with complaints from users about their devices becoming "bricked" or unbootable after upgrading.

New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems
2021-10-30 06:07

Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. System Integrity Protection aka "Rootless" is a security feature introduced in OS X El Capitan that's designed to protect the macOS operating system by restricting a root user from executing unauthorized code or performing operations that may compromise system integrity.

Shrootless: Microsoft found a way to evade Apple's SIP macOS filesystem protection
2021-10-29 18:01

An Apple software installation daemon called system_installd allowed its child processes to bypass SIP's normal restrictions on filesystem access. Unleashed on world+dog with 2015's El Capitan release, macOS SIP is intended to ensure that system-level files on a Mac can only be modified by Apple-signed installers or the fruity firm's own update mechanism, locking out even root users.

Apple fixes security feature bypass in macOS (CVE-2021-30892)
2021-10-29 11:42

Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that's actively exploited by attackers. A security researcher who analyzed the patch created a POC that worked on iOS 15.0 and iOS 14.7.1, and said it would probably work on earlier versions of the OS. Two weeks later, the fix has finally been included in iOS and iPadOS 14.8.1, tvOS 15.1, and watchOS 8.1.