![]() Such visibility rolls up to Microsoft Defender for Endpoint, which provides organizations with a “single pane of glass” where they can detect, manage, respond, and remediate vulnerabilities and threats across different platforms. Microsoft Defender for Endpoint on Mac enables organizations to gain visibility and detect threats on macOS devices. As networks become increasingly heterogeneous, the number of threats that attempt to compromise non-Windows devices also increases. This OS-level vulnerability and others that will inevitably be uncovered add to the growing number of possible attack vectors for attackers to exploit. After bypassing SIP’s restrictions, the attacker could then install a malicious kernel driver (rootkit), overwrite system files, or install persistent, undetectable malware, among others. A malicious actor could create a specially crafted file that would hijack the installation process. We found that the vulnerability lies in how Apple-signed packages with post-install scripts are installed. We discovered the vulnerability while assessing processes entitled to bypass SIP protections. SIP is a security technology in macOS that restricts a root user from performing operations that may compromise system integrity. A fix for this vulnerability, now identified as CVE-2021-30892, was included in the security updates released by Apple on October 26, 2021. We shared these findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). We also found a similar technique that could allow an attacker to elevate their privileges to root an affected device. Microsoft has discovered a vulnerability that could allow an attacker to bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device. ![]() Endpoint management Endpoint management.Microsoft Purview Data Lifecycle Management.Microsoft Purview Information Protection.Information protection Information protection.Microsoft Priva Subject Rights Requests.Microsoft Purview Communication Compliance.Microsoft Purview Insider Risk Management.Risk management & privacy Risk management & privacy.Microsoft Defender External Attack Surface Management.Microsoft Defender Cloud Security Posture Mgmt.Microsoft Defender Vulnerability Management.Azure Active Directory part of Microsoft Entra.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |