tags: macos, sip, auth_bypass
original link: Breaking SIP with Apple-Signed Packages
newsletter link: exploits.club Weekly Newsletter 21
Exploits Club Summary:
L3Harris dropped a post this week discussing their research into bypassing Apple's System Integrity Protection (SIP). The core idea of the vulnerability class revolves around finding command injection vulnerabilities present in installation scripts of Apple-signed packages with valid certificates. If these packages have the com.apple.rootless.install.heritable entitlement, this allows them (and subsequently... attackers) to write to SIP-protected locations. The post goes into some of the downsides of this bug class before discussing the fixes implemented by Apple.