Perception Point, an email and cloud collaboration channel security company, says its researchers have uncovered a zero-day flaw in macOS.
They say that CVE-2022-22583, now fixed in macOS Monterey 12.2, reveals a vulnerability that allows attackers to bypass Apple’s SIP (System Integrity Protection) mechanism, and take full control over the system, provided that they already managed to achieve code execution with high privileges.
SIP is a security mechanism in macOS which represents the final protection layer between an attacker and full control of the system. Introduced by Apple on macOS 10.11 (2015), it has the objective of protecting the system as a whole, and limiting even highest privilege users, such as root users, from performing potentially malicious actions such as overwriting system files, loading a malicious kernel driver, installing malware and more.
The discovered zero-day is a successor to CVE-2021-30892, published by Microsoft last October. This CVE was named “Shrootless” and was fixed on macOS Monterey 12.0.1.
Read the Perception Point blog for a detailed technical description about the newly discovered zero-day exploit.