Critical macOS Bug Could Allow Threat Actors To Install Undetectable Malware In Apple Devices


  • A new flaw was discovered within macOS SIP
  • Microsoft security experts reported it to Apple
  • Apple rolled out a patch to fix the vulnerability

Apple devices that run on macOS have a vulnerability, which, if not fixed, could be exploited by hackers to install a malicious kernel driver, also known as a rootkit.

The bug, which was uncovered by tech juggernaut Microsoft, was found within macOS System Integrity Protection (SIP). Had Apple failed to patch it, hackers could have used it to install a hardware interface that they could utilize to overwrite system files, as well as install hard-to-detect malicious software.

“We found that the vulnerability lies in how Apple-signed packages with post-install scripts are installed. A malicious actor could create a specially crafted file that would hijack the installation process,” the Microsoft researchers said in a blog post.

Apple unveils a new MacBook Air during an Apple launch event at the Brooklyn Academy of Music on October 30, 2018 in New York City. Apple also debuted a new Mac Mini and iPad Pro. Photo: Getty Images/Stephanie Keith

“Security technology like SIP in macOS devices serves both as the device’s built-in baseline protection and the last line of defense against malware and other cybersecurity threats. Unfortunately, malicious actors continue to find innovative ways of breaching these barriers for these very same reasons. They can take complete control of the device and run any files or processes they wish without getting detected by traditional security solutions,” explained Jonathan Bar-Or, of the Microsoft 365 Defender Research team.

“This OS-level vulnerability and others that will inevitably be uncovered add to the growing number of possible attack vectors for attackers to exploit,” Bar-Or noted. “As networks become increasingly heterogeneous, the number of threats that attempt to compromise non-Windows devices also increases.”

Apple already patched the flaw, which is labeled as CVE-2021-30892, in macOS Monterey and in the updates for Big Sur and Catalina. The Cupertino-based tech titan has patched several more critical bugs in its most recent updates for macOS Monterey.

The Microsoft 365 Defender Research team also…