Connect with us

Technology

Microsoft Reports SIP-bypassing “Shrootless” Vulnerability in MacOS

Published

on

Enlarge / The worm says, “I’ve got root!” (credit: Andreus / Getty Images)

The Microsoft 365 Defender Research Team released a blog post yesterday describing a newly found macOS vulnerability that can abuse entitlement inheritance in macOS’s System Integrity Protection (SIP) to allow execution of arbitrary code with root-level privilege. The vulnerability is listed as CVE-2021-30892 and has been given the nickname “Shrootless.”

To explain how Shrootless works, we need to review how SIP functions. Introduced back in 2015 with OS X 10.11 El Capitan (and explained in detail on pages eight and nine of our review), SIP attempts to do away with an entire class of vulnerabilities (or at least neuter their effectiveness) by adding kernel-level protections against changing certain files on disk and certain processes in memory, even with root privilege. These protections are (more or less) inviolable unless one disables SIP, which cannot be done without rebooting into recovery mode and executing a terminal command.

The Shrootless exploit takes advantage of the fact that, while root privilege is no longer sufficient to change important system files, the kernel itself still can—and does—alter protected locations as needed. The most obvious example is when installing an application. Apple-signed application install packages have the ability to do things normally prohibited by SIP, and that’s where Shrootless slides in.

Read 5 remaining paragraphs | Comments

Article: arstechnica.com

Technology

Food En Route to Hungry Haitian Pre-Trial Detainees & Inmates

Published

on

Port-au-Prince, Haiti, Dec. 05, 2021 (GLOBE NEWSWIRE) — Pre-trial detainees and inmates of 20 overcrowded Haitian prisons across the country will be steadily receiving life-saving food support over the next three months through a joint relief effort by non-profits World Hope International, Rise Against Hunger, Health through Walls, and AIDS Healthcare Foundation.

Despite significant efforts by the international community, the proportion of pre-trial detainees in Haitian prisons has continued to grow and reached 82% of the overall prison population.

This situation has resulted in extreme overcrowding in most prisons, and detainees have limited access to the outdoors and to sanitation services. Due to irregular and insufficient supplies, the ~11,000 prisoners and detainees have extremely limited access to food, water, and health services across the prisons, often receiving less than one meal per day.

Malnutrition makes persons more susceptible to infectious disease, and once infected, more likely to have a poor outcome. Malnutrition also exacerbates chronic diseases. To respond to all these needs, the Haitian Prison Authority needs more capacity as per Dr. John May, HtW President.

In response to the crisis, Rise Against Hunger has committed 12 containers of food from across the United States to feed this population for three months. World Hope International will manage the logistics of transporting and importing the food into Haiti, and Health through Walls and AIDS Healthcare Foundation will distribute the supplies to the 20 prisons across the mainland. 

“World Hope International has been operating in Haiti since 1996 and we just completed some similar logistics support for partners in response to the earthquake in August,” said John Lyon, World Hope International CEO & President. “We believe everyone should have access to food and other vital resources like clean water. We’re glad to be able to form this relief consortium with Rise Against Hunger, Health through Walls and AIDS Healthcare Foundation to ensure that these detainees and prisoners are getting the sustenance—and hope—they need during this difficult period of time in Haiti.” 

“As the effects of August’s 7.2-magnitude earthquake, political unrest and increased turmoil have been felt across Haiti, Rise Against Hunger has been especially focused on supporting …

Full story available on Benzinga.com

Original Post: benzinga.com

Continue Reading

Technology

Hackers Steal $200M Worth of Shiba Inu, Saitama, and Other Tokens From Bitmart Exchange

Published

on

On Saturday, the crypto exchange Bitmart lost almost $200 million in a hack involving the Ethereum (CRYPTO: ETHER) and Binance Smart Chain blockchains. 

According to the blockchain security and data analytics provider Peckshield, the hackers took around $100 million in Ethereum-based coins and $96 million in coins on the Binance Smart Chain. Almost 50 different types of tokens were stolen.

The theft included Shiba Inu (CRYPTO: SHIB), Binance Coin (CRYPTO: BNB), BabyDogeSaitama (CRYPTO: SAITAMA), Dogelon Mars (CRYPTO: ELON), Crypto.com (CRPTO: CRO), Decentraland (CRYPTO: MANA), and …

Full story available on Benzinga.com

Original Source: benzinga.com

Continue Reading

Technology

Tunnel to Towers Foundation Announces Nationwide Campaign to Combat Veteran Homelessness

Published

on

Staten Island, NY, Dec. 04, 2021 (GLOBE NEWSWIRE) — The Tunnel to Towers Foundation is honored to announce its newest campaign, Operation Homebase, a nationwide effort to eradicate Veteran homelessness. 

All Veterans who honorably served our country in peacetime or in war deserve our nation’s gratitude.

The Tunnel to Towers Foundation is steadfast in its promise to support the members of our armed forces and is taking this ambitious step to provide support to the Veterans who need it most. 

We would not abandon our servicemen and women on the battlefield and we should not leave them behind in our own country. Those that fought for us should not be struggling in the streets of the country …

Full story available on Benzinga.com

Original Article: benzinga.com

Continue Reading

Trending

WOC.io