'Shrootless' macOS Bug Could Bypass System Integrity Protection

Microsoft reported a macOS vulnerability it calls Shrootless. It could let an attacker bypass SIP and perform arbitrary operations on the device. It has been patched by Apple with the most recent Mac updates this week.

We found that the vulnerability lies in how Apple-signed packages with post-install scripts are installed. A malicious actor could create a specially crafted file that would hijack the installation process. After bypassing SIP’s restrictions, the attacker could then install a malicious kernel driver (rootkit), overwrite system files, or install persistent, undetectable malware, among others.

'Yoink' and 'Transloader' are Both Ready for macOS Monterey With Shortcuts

Yoink is a popular “shelf” app that improves drag and drop on your Mac, in a “hold these files for me while I do something else for a while” kind of way. New in Yoink v3.6: Shortcuts integration; Yoink comes with Shortcuts actions for adding files to Yoink, getting files from Yoink, saving the clipboard’s contents in Yoink, and for removing all files, which allow for all sorts of powerful workflows. Transloader lets you manage downloads on your Macs, remotely from your iPhones, iPads, and other Macs. New in Transloader v3.1: Shortcuts integration; Build powerful download workflows and automate downloads on remote Macs with the shortcuts you already know and love from iOS; Shortcuts can also be called in Transloader’s Link- and File Actions, in order to hand links or downloaded files over to a particular shortcut.