Date: 2021-11-02

Threat actors could use a critical macOS bug to install undetectable malware on Apple devices.

If it is not fixed, a vulnerability in Apple devices running macOS could let hackers install a malicious kernel driver, sometimes known as a rootkit.

The flaw, discovered by tech giant Microsoft, is in macOS System Integrity Protection (SIP). If Apple does not patch it, hackers will be able to use it to install a hardware interface that will allow them to overwrite system files and install difficult-to-detect harmful software.

“The flaw is in the way Apple-signed packages with post-install scripts are installed, according to our findings. A malicious actor could produce a specially constructed file to hijack the installation process, for example,” according to a blog post by Microsoft researchers.

“In macOS devices, security technology like SIP serves as the device’s built-in baseline protection as well as the device’s last line of defense against malware and other cybersecurity threats. Malicious actors, unfortunately, continue to devise new ways to get over these obstacles for the same reasons. Without being noticed by typical security solutions, they can take complete control of the device and run any files or processes they want,” explained Jonathan Bar-Or, a member of the Microsoft 365 Defender Research team.

“This OS-level vulnerability, together with others that will certainly be discovered,” Bar-Or said, “increases the number of available attack channels for attackers to exploit.” “As networks become more varied, so does the amount of attackers attempting to compromise non-Windows devices.”

The bug, tracked as CVE-2021-30892, has already been fixed in macOS Monterey and in the patches for Big Sur and Catalina. In its most recent updates for macOS Monterey, the Cupertino-based tech giant has also fixed numerous other severe bugs.

Collaboration among security researchers, software providers, and the security community is also important, according to the Microsoft 365 Defender Research team. With an increasing number of threat actors finding new ways to uncover and exploit defects, the team believes that keeping an eye on each other can improve technology and ensure that customers’ entire experience is safe.

“The necessity of collaboration among security researchers, software vendors, and the greater security community is highlighted in this study. As cross-platform threats grow, vulnerability discoveries, coordinated responses, and other kinds of threat information sharing help us improve our security solutions so that customers’ computing experiences are secure regardless of the platform or device they use,” Microsoft added.