New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems
Oct 29, 2021
Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device, performing arbitrary operations on it without getting flagged by traditional security solutions.

Dubbed "Shrootless" and tracked as CVE-2021-30892, the "vulnerability lies in how Apple-signed packages with post-install scripts are installed," Microsoft 365 Defender Research Team's Jonathan Bar Or said in a technical write-up. "A malicious actor could create a specially crafted file that would hijack the installation process."

System Integrity Protection (SIP), aka "rootless," is a security feature introduced in OS X El Capitan that's designed to protect the macOS operating system by restricting a root user from executing unauthorized code or performing operations that may compromise system integrity. Specifically, SIP allows modification of prote...