8 matches found
CVE-2021-30892
An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to modify protected parts of the file system...
Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to g...
Apple macOS Flaw Allows Kernel-Level Compromise
Apple has patched a vulnerability in macOS can allow attackers to bypass a key OS protection and install a malicious rootkit to perform arbitrary operations on a device, researchers from Microsoft have discovered. The problem—dubbed “Shrootless”–is associated with a security technology called...
CVE-2021-30892
creationtimestamp| type| source ---|---|--- 2021-10-29 11:33:01+00:00| seen| https://t.me/CyberSecurityTechnologies/4623 2021-10-29 13:05:15+00:00| seen| https://t.me/thehackernews/1621 2021-10-29 17:05:17+00:00| seen| https://t.me/cKure/7812 2021-11-08 11:07:01+00:00| published-proof-of-concept|...
New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems
Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed "Shrootless"...
Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
Microsoft has discovered a vulnerability that could allow an attacker to bypass System Integrity Protection SIP in macOS and perform arbitrary operations on a device. We also found a similar technique that could allow an attacker to elevate their privileges to root an affected device. We shared...
Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
Microsoft has discovered a vulnerability that could allow an attacker to bypass System Integrity Protection SIP in macOS and perform arbitrary operations on a device. We also found a similar technique that could allow an attacker to elevate their privileges to root an affected device. We shared...
CVE-2021-30892
CVE-2021-30892 is a macOS SIP bypass exposed via Apple-signed post-install flows and the SystemMigration stack. The authenticated bystander code-paths can enable a child process to inherit or re-enable code-signing/SIP checks, allowing manipulation of SIP-protected files and parts of the filesyst...