‘Shrootless’ macOS Bug Could Bypass System Integrity Protection

shrootless mac bug

Microsoft reported a macOS vulnerability it calls Shrootless. It could let an attacker bypass SIP and perform arbitrary operations on the device. It has been patched by Apple with the most recent Mac updates this week.

We found that the vulnerability lies in how Apple-signed packages with post-install scripts are installed. A malicious actor could create a specially crafted file that would hijack the installation process. After bypassing SIP’s restrictions, the attacker could then install a malicious kernel driver (rootkit), overwrite system files, or install persistent, undetectable malware, among others.

Check It Out: ‘Shrootless’ macOS Bug Could Bypass System Integrity Protection

Discussion

Join the discussionCommenting as a guest — your email is never published · Log in

Protected by Akismet — be kind, stay on topic.

This site uses Akismet to reduce spam. Learn how your comment data is processed.