Apple macOS Vulnerability Allows Kernel-Level Compromise

2-Nov-21

‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations.

Researchers discovered Shrootless when, in their analysis, they came across the daemon system_installd, which has the powerful com.apple.rootless.install.heritable entitlement. With this entitlement, any child process of system_installd would be able to bypass SIP filesystem restrictions altogether

Read More…