The vulnerability could bypass System Integrity Protection (SIP) and execute arbitrary code.
Microsoft researchers uncovered a vulnerability in macOS, reported it to Apple, and Apple has already fixed it.
The Microsoft researchers named the vulnerability Shrootless. It allows attackers to bypass System Integrity Protection (SIP) and execute arbitrary code. In the course of the research, they also found a new technique that allows privilege escalation.
The problem lies in how Apple-signed software packages are handled and how their post-installation scripts are run. The researchers found that an attacker can abuse this mechanism by creating a custom package that hijacks the installation process. Once SIP is bypassed, an attacker can install rootkits and hard-to-detect malware, and even overwrite system files.
The root cause is a design flaw. In some cases, software packages legitimately require access to SIP-protected directories (system updates are a prime example). Apple grants such packages the com.apple.rootless.install and com.apple.rootless.install.inheritable entitlements so that they bypass SIP checks.
While analyzing macOS processes that are allowed to bypass SIP, the researchers came across the system_installd daemon, which holds the powerful com.apple.rootless.install.inheritable entitlement. Because the entitlement is inheritable, any child process of system_installd can bypass all file system restrictions that SIP enforces.
The researchers decided to examine all the child processes of system_installd and were surprised to find several cases that allow hackers to abuse this functionality to bypass SIP.
For example, when an Apple-signed package (a .pkg file) is installed, the system_installd process is launched to perform the installation. If the package contains post-installation scripts, system_installd runs them through the default shell, which on macOS is zsh. Notably, when zsh starts it looks for the file /etc/zshenv and, if the file exists, automatically runs the commands in it, even in non-interactive mode. Consequently, to perform arbitrary operations on the device, an attacker only needs to create a malicious /etc/zshenv file and wait for system_installd to invoke zsh.
As noted above, in the course of this research Microsoft also found that the zshenv behaviour is a general attack pattern, not only the basis of Shrootless: abuse of this shell startup file can lead to privilege escalation.
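A defender-side check for the mechanism described above, as an added example that is not from the original article or from Microsoft's research: it audits a zsh startup file (by default /etc/zshenv, which the article notes zsh sources even when started non-interactively) for unexpected ownership, group- or world-writable permissions, and any non-comment content that every zsh start-up would execute. The path and the expected owner are taken as arguments, which is an assumption of this example so the same function can be run against a scratch file on any POSIX system.

```shell
#!/bin/sh
# Audit a zsh startup file such as /etc/zshenv.
# Added example; not code from the article, Microsoft or Apple.
# Assumption: the file path and the expected owner are passed in, so the
# check can target /etc/zshenv on a macOS host or a test file elsewhere.

# Print the owner name and the 10-character permission string, e.g.
# "root -rw-r--r--". ls -ld is used because it behaves the same on
# macOS and Linux (stat's flags differ between the two).
file_owner_and_mode() {
    ls -ld "$1" | awk '{ print $3, substr($1, 1, 10) }'
}

# Count the lines zsh would actually execute: not blank and not comments.
# grep -c exits 1 when the count is 0, so the "|| true" keeps set -e quiet.
executable_line_count() {
    grep -c -v -E '^[[:space:]]*(#|$)' "$1" || true
}

# Audit one startup file. Prints each finding and returns the number of
# findings (0 means nothing to act on). The expected owner defaults to root.
audit_zshenv() {
    path="$1"
    expected_owner="${2:-root}"
    findings=0

    if [ ! -e "$path" ]; then
        echo "OK: $path is absent, zsh has nothing to source here"
        return 0
    fi

    set -- $(file_owner_and_mode "$path")
    owner="$1"
    mode="$2"

    if [ "$owner" != "$expected_owner" ]; then
        echo "FINDING: $path is owned by $owner, expected $expected_owner"
        findings=$((findings + 1))
    fi

    # Characters 6 and 9 of the mode string are the group and other write bits.
    case "$mode" in
        ?????w*|????????w*)
            echo "FINDING: $path is group- or world-writable ($mode)"
            findings=$((findings + 1))
            ;;
    esac

    count=$(executable_line_count "$path")
    if [ "$count" -gt 0 ]; then
        echo "FINDING: $path has $count non-comment line(s) that every zsh start-up runs:"
        grep -v -E '^[[:space:]]*(#|$)' "$path" | sed 's/^/    /'
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Stand-alone usage, e.g.:  sh audit_zshenv.sh /etc/zshenv
if [ $# -gt 0 ]; then
    audit_zshenv "$@"
fi
```

Run it against /etc/zshenv on a macOS host; any non-zero return is worth a look, since the file is sourced by every zsh invocation, including the non-interactive ones system_installd launches for post-installation scripts. The same check can be scheduled or fed into an EDR custom rule, and the ownership and write-bit checks are the parts that catch a file planted by a local user.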
The vulnerability, identified as CVE-2021-30892, was patched by Apple on October 26, 2021 with the release of updates for macOS Monterey, Catalina and Big Sur.
Hacker Hacked Fast Company’s Apple News Account and Spread Racist Messages
An unknown hacker gained access to the Apple News account of the business publication Fast Company and sent a series of obscene and racist messages as push notifications. The recipients were the publication's subscribers.
Fast Company confirmed the hack, and so did Apple. The incident is currently under investigation.
“Fast Company’s Apple News account was hacked Tuesday night. After that, two push notifications with obscene and racist content were sent with a minute interval. The messages are disgusting and do not match Fast Company content. We are investigating the incident and have also paused feed updates and closed FastCompany.com until we are confident the situation has been resolved,” the publication said.
Shortly before the site was taken down, the hacker posted an entire article on the Fast Company website describing in detail how he had bypassed its protection. It turned out that accounts on the site, including the site administrator's account, were protected by the same password. Having gained access to them, the hacker was able to reach the authentication tokens and log in to Apple News.
Beyond the vandalism itself, no financial losses or other manipulation were recorded.
Young hacker who leaked GTA 6 material denies his guilt
The 17-year-old hacker who was earlier arrested in the UK on suspicion of hacking Rockstar Games and Uber has pleaded not guilty. According to police, he appeared in court over the weekend and declined to plead guilty to computer misuse, although he admitted breaching the conditions of his bail. He is now being held in a juvenile detention centre.
According to investigators, the 17-year-old is part of the Lapsus$ hacker group and is behind the recent leak of videos and other details of the $2 billion GTA 6 game.
Earlier, a hacker using the nickname teapotuberhacker published an archive of video and source code from an early build of GTA 6, which quickly went viral. Take-Two tried to stop the spread of the leak, but succeeded only partially.
The hacker also claimed that it was he who attacked Uber's systems, gaining access to internal correspondence, email addresses and more.
The investigation is still ongoing, so it is not yet clear how this story will end.
Cloudflare introduces world’s first eSIM with better security than VPN
Cloudflare has introduced a new product aimed at smartphone and mobile Internet users: an eSIM called Zero Trust SIM. Its distinguishing feature is an increased level of security, which reduces the risk of number substitution.
Technically, the device's DNS requests are routed through the Cloudflare gateway, which protects them from interception and spoofing. Cloudflare also promises to check every intermediate node through which the device reaches the Internet.
According to Cloudflare CTO John Graham-Cumming, Zero Trust SIM technology can outperform VPNs and other security systems as it provides cell-level protection.
Zero Trust SIM will launch first in the US, initially only as a virtual card for iOS and Android. When activated, it binds to a specific device in order to protect it. Physical cards are expected in the future.
The company is also launching Zero Trust for Mobile Operators, an affiliate program for telecom operators that will enable them to offer subscriptions to the services and tools of the Zero Trust platform. In addition, a similar project is expected for the Internet of Things.