Critical macOS Bug Could Allow Threat Actors Install Undetectable Malware In Apple Devices

Apple devices that run on macOS have a vulnerability, which, if not fixed, could be exploited by hackers to install a malicious kernel driver, also known as a rootkit.

The bug, which was uncovered by tech juggernaut Microsoft, was found within macOS System Integrity Protection (SIP). Had Apple failed to patch it, hackers can use it to install a hardware interface that they could utilize to overwrite system files, as well as install hard to detect malicious software.

"We found that the vulnerability lies in how Apple-signed packages with post-install scripts are installed. A malicious actor could create a specially crafted file that would hijack the installation process," the Microsoft researchers said in a blog post.

"Security technology like SIP in macOS devices serves both as the device's built-in baseline protection and the last line of defense against malware and other cybersecurity threats. Unfortunately, malicious actors continue to find innovative ways of breaching these barriers for these very same reasons. They can take complete control of the device and run any files or processes they wish without getting detected by traditional security solutions," explained Jonathan Bar-Or, of the Microsoft 365 Defender Research team.

"This OS-level vulnerability and others that will inevitably be uncovered add to the growing number of possible attack vectors for attackers to exploit," Bar-Or noted. "As networks become increasingly heterogeneous, the number of threats that attempt to compromise non-Windows devices also increases."

Apple already patched the flaw, which is labeled as CVE-2021-30892, in macOS Monterey and in the updates for Big Sur and Catalina. The Cupertino-based tech titan has patched several more critical bugs in its most recent updates for macOS Monterey.

The Microsoft 365 Defender Research team also underlined the importance of collaboration among security researchers, software vendors and the security community. With the growing number of threat actors devising ways to find flaws and exploit them, the team said looking out for each other can help technologies and make consumers' overall experience safe.

"This research underscores the importance of collaboration among security researchers, software vendors, and the larger security community. As cross-platform threats continue to increase, vulnerability discoveries, coordinated response, and other forms of threat intelligence sharing help enrich our protection technologies that secure users' computing experience regardless of the platform or device they're using," Microsoft added.