Date: 2021-11-03

Shrootless is the name researchers gave to a method that could allow cybercriminals to gain full (root) access to macOS computers, bypassing System Integrity Protection (SIP). The alert came from the Microsoft Security Vulnerability Search group and was sent to rival Apple.

SIP was introduced in OS X 10.11 in 2015. The idea is to prevent a user with root access (i.e., before the operating system is loaded) from performing actions that compromise the integrity of the system. With the Shrootless technique, a malicious actor could manipulate restricted files and install rootkits, malware with pre-system access.

According to Microsoft researchers, Shrootless works by tricking SIP, which allows special Apple processes to operate with full privilege. These allowed processes are typically system updates or application installations from the manufacturer.

The attack works through a specially crafted file that inherits rights from a legitimate Apple installation process.

Why did Microsoft study Apple’s system?

But what were Microsoft experts doing digging into rival Apple’s code? According to them, the concern is that computers running a compromised macOS may be on the same networks as those running Windows.

“This operating system-level vulnerability and others that will inevitably be discovered add to the growing number of potential vectors for attackers to exploit,” the researchers say in the Microsoft blog post. “As networks become more and more heterogeneous, the number of threats that try to compromise non-Windows equipment also grows.”

According to Microsoft, Apple released a security update last October 26th (just before the post came out) that fixed the issue.

