After Microsoft researchers alerted Apple about the vulnerability that could be used by hackers, Apple fixed the security bug in its macOS software.
Microsoft uncovered a security vulnerability in macOS that could allow an attacker to bypass macOS’s System Integrity Protection (SIP) and perform arbitrary operations on a device.
A potential attacker can exploit the flaw to set up a hardware interface that would allow them to “overwrite system files, or install persistent, undetectable malware”.
The Microsoft 365 Defender Research Team said in a statement, “We also found a similar technique that could allow an attacker to elevate their privileges to root an affected device. We shared these findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).”
In its most recent security update, Apple addressed this vulnerability, which is now known as CVE-2021-30892.
SIP is a macOS security technology that prevents a root user from performing actions that could jeopardise system integrity.
The Microsoft researchers noted, “We found that the vulnerability lies in how Apple-signed packages with post-install scripts are installed. A malicious actor could create a specially crafted file that would hijack the installation process.”
After bypassing the SIP’s restrictions, the attacker could then install a malicious kernel driver (rootkit), overwrite system files, or install persistent, undetectable malware.
The number of security threats attempting to compromise non-Windows devices is growing as networks become increasingly heterogeneous.
Apple said that Microsoft Defender for Endpoint on Mac allows organizations to gain visibility and detect threats on macOS devices.
Microsoft added that “This research underscores the importance of collaboration among security researchers, software vendors, and the larger security community”.