"Software Patches Flaw on macOS Could Let Hackers Bypass All Security Levels"

Mac security specialist Patrick Wardle discovered an injection flaw connected to how macOS handles software updates on the system that could allow attackers to access all files on Mac devices.  The researcher demonstrated how threat actors could abuse the flaw to take over the device.  Wardle stated that after deploying the initial attack, he was then able to escape the macOS sandbox (a feature designed to limit successful hacks to one app) and then bypass the System Integrity Protection (SIP), which effectively enabled the deployment of non-authorized code.  The researcher stated that he first found the vulnerability in December 2020 and subsequently reported the issue to Apple through the company’s bug bounty scheme.  Apple addressed this vulnerability in the macOS Monterey update.  

Infosecurity reports: "Software Patches Flaw on macOS Could Let Hackers Bypass All Security Levels"