Date: 2021-11-03

The Microsoft 365 Defender security research team discovered a new vulnerability in macOS that allows an attacker to bypass System Integrity Protection (SIP). This is a critical security feature in macOS which uses kernel permissions to limit the ability to write critical system files.

Microsoft explains that they also found a similar technique that could allow an attacker to gain elevated root privileges on an affected device, basically allowing them to install a rootkit on macOS.





Update now available for macOS Monterey, Catalina and Big Sur





The vulnerability was discovered when evaluating processes entitled to bypass SIP protections in macOS. Microsoft's security team found that the vulnerability lies in the way Apple-signed packages with post-install scripts are installed.

An attacker could create a specially crafted file that hijacks the installation process. After bypassing SIP restrictions, the attacker could install a malicious kernel driver (rootkit), overwrite system files or install persistent and undetectable malware, among other things.

Microsoft shared the findings with Apple through coordinated vulnerability disclosure, and a patch for the problem was released with the October security updates for all currently supported versions of macOS: macOS Big Sur, macOS Catalina, and the newer macOS Monterey.

Does your Mac need an antivirus?





Microsoft took the opportunity to comment that this vulnerability is just one of many that will “inevitably be discovered”, and that it only adds to the growing number of attack vectors that can be exploited.

Microsoft released its own antivirus for macOS in early 2019: Microsoft Defender ATP for Mac, a version of the well-known Windows Defender for Apple’s system. The company believes that now that more and more networks are heterogeneous, the number of threats to non-Windows devices will only continue to grow.

Market shares for desktop operating systems are nowhere near what they were 10 or even 5 years ago. macOS continues to take share from Windows itself, and let's remember that this is one of the main reasons for attacking a system: the more people use it, the more potential victims there are for cybercriminals and the more attractive it becomes to create malware for it.

Apple continues to insist that Macs are more secure than a Windows PC, but let's not forget that Craig Federighi himself, Apple's senior vice president of software engineering, criticized macOS during the Epic-Apple trial by saying literally that macOS has an unacceptable level of malware, much worse than on iOS.
