Apple has patched a security flaw in macOS that Microsoft researchers found could be used to install a malicious kernel driver, otherwise known as a ‘rootkit’.
The flaw resided within macOS System Integrity Protection (SIP). It allowed a potential attacker to install a hardware interface that lets them “overwrite system files, or install persistent, undetectable malware”.
The discovery reflects Microsoft’s increased focus on enterprise customers that use a mix of Windows and macOS under hybrid work arrangements, as evidenced by products like its cross-platform security product, Microsoft Defender for Endpoint. Microsoft introduced Defender ATP for Macs in 2019, well before the pandemic pushed everyone onto the hardware they used at home.
“This OS-level vulnerability and others that will inevitably be uncovered add to the growing number of possible attack vectors for attackers to exploit,” explains Jonathan Bar Or, from the Microsoft 365 Defender Research team.
“As networks become increasingly heterogeneous, the number of threats that attempt to compromise non-Windows devices also increases.”
SIP, aka ‘rootless’, locks down the system from root by using Apple’s