The zero-day, a successor to Microsoft’s recently published “Shrootless” vulnerability, allows attackers to take full control over the victim’s system.
TEL-AVIV, Israel, January 27, 2022 – Perception Point, a leading email and cloud collaboration channel security company offering fast interception of content-borne attacks as a service, announced today that its researchers have uncovered a zero-day flaw in macOS. CVE-2022-22583, now fixed in macOS Monterey 12.2, is a vulnerability that allows attackers to bypass Apple’s SIP (System Integrity Protection) mechanism, and thus take full control over the system, provided that they have already achieved code execution with high privileges.
SIP is a security mechanism in macOS which represents the final protection layer between an attacker and full control of the system. Introduced by Apple in macOS 10.11 (2015), it has the objective of protecting the system as a whole, and of limiting even the highest-privilege users, such as root users, from performing potentially malicious actions such as overwriting system files, loading a malicious kernel driver, installing malware and more.
The discovered zero-day is a successor to CVE-2021-30892, published by Microsoft last October. This CVE was named “Shrootless” and was fixed in macOS Monterey 12.0.1.
The zero-day was discovered as part of Perception Point’s ongoing research work to fortify its patented dynamic scanning technology, the HAP™ (hardware-assisted platform), which combines CPU-level data with innovative software algorithms to rapidly intercept any type of exploit, on both Windows and Mac operating systems.
“Attackers are becoming increasingly sophisticated, and are attempting to find exploits and vulnerabilities that are OS-specific,” said Shlomi Levin, CTO at Perception Point. “With the growing popularity of Mac computers, it is imperative to be able to intercept content-borne threats on both Windows and macOS to fully protect the organization.”
Read the blog for a detailed technical description of the newly discovered zero-day exploit.
About Perception Point
Perception Point is a Prevention-as-a-Service company providing the fastest and most accurate next-generation detection and response to any content-borne attack across email and all cloud collaboration channels, including cloud storage, cloud apps, and APIs for proprietary applications. The solution’s natively integrated incident response service acts as a force multiplier to the SOC team, reducing management overhead, improving user experience and delivering continuous insights, providing proven best protection for all organizations. Deployed in minutes, with no change to the enterprise’s infrastructure, the patented, cloud-native and easy-to-use service replaces cumbersome legacy systems to prevent phishing, BEC, spam, malware, zero-days, ATO, and other advanced attacks well before they reach end-users.