Connect with us

Technology

Microsoft Reports SIP-bypassing “Shrootless” Vulnerability in MacOS

Max King

Published

on

Enlarge / The worm says, “I’ve got root!” (credit: Andreus / Getty Images)

The Microsoft 365 Defender Research Team released a blog post yesterday describing a newly found macOS vulnerability that can abuse entitlement inheritance in macOS’s System Integrity Protection (SIP) to allow execution of arbitrary code with root-level privilege. The vulnerability is listed as CVE-2021-30892 and has been given the nickname “Shrootless.”

To explain how Shrootless works, we need to review how SIP functions. Introduced back in 2015 with OS X 10.11 El Capitan (and explained in detail on pages eight and nine of our review), SIP attempts to do away with an entire class of vulnerabilities (or at least neuter their effectiveness) by adding kernel-level protections against changing certain files on disk and certain processes in memory, even with root privilege. These protections are (more or less) inviolable unless one disables SIP, which cannot be done without rebooting into recovery mode and executing a terminal command.

The Shrootless exploit takes advantage of the fact that, while root privilege is no longer sufficient to change important system files, the kernel itself still can—and does—alter protected locations as needed. The most obvious example is when installing an application. Apple-signed application install packages have the ability to do things normally prohibited by SIP, and that’s where Shrootless slides in.

Read 5 remaining paragraphs | Comments

Article: arstechnica.com

Technology

Sex N’ the City: a (Super Unauthorized) Musical Parody Opens in Las Vegas

Max King

Published

on

LAS VEGAS, May 25, 2022 /PRNewswire/ — The Modern Showrooms at Alexis Park Resort Hotel (www.ModernVegas.com) are ecstatic to announce everyone’s favorite New York City singles are making their way to Las Vegas in a live stage show Sex n’ The City: A (Super Unauthorized) Musical Parody. Sex n’ The City: A (Super Unauthorized) Musical Parody opens its first-ever residency beginning May 28, 2022. It’s the ultimate ‘Girls Night Out’ featuring Bottomless Champagne with most tickets.

Sex n’ The City: A (Super …

Full story available on Benzinga.com

Article: benzinga.com

Continue Reading

Technology

Very Good Food Company Shares Skyrockets on Canada Retail Expansion

Max King

Published

on

Very Good Food Company Inc (NASDAQ: VGFC) has increased retail distribution across Canada with Loblaw Companies Ltd (TSX: L) (OTC: LBLCF).
The company’s products will be available in more than 2,000 …

Full story available on Benzinga.com

Source Here: benzinga.com

Continue Reading

Technology

Beer Institute Releases April 2022 Domestic Tax Paid Estimate

Max King

Published

on

WASHINGTON, May 25, 2022 (GLOBE NEWSWIRE) — Today, the Beer Institute published an unofficial estimate of domestic tax paid shipments by beer brewers for April 2022:

The April 2022 estimate is 13,700,000 barrels, a decrease of 5.9% compared to April 2021 removals of 14,557,000.

Domestic Tax Paid – TTB

(31 Gallon Barrels)

Month
2021
2022
Percent Change
Volume Change

January …

Full story available on Benzinga.com

Article: benzinga.com

Continue Reading

Trending

WOC.io