Apple macOS Vulnerability Allows Kernel-Level Compromise
2-Nov-21
‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations.
Researchers discovered Shrootless when, in their analysis, they came across the daemon system_installd, which has the powerful com.apple.rootless.install.heritable entitlement. With this entitlement, any child process of system_installd would be able to bypass SIP filesystem restrictions altogether
