Apple Patches Malicious MacOS Vulnerability Discovered by Microsoft

In a somewhat strange exchange between two software giants, Apple patched a serious vulnerability in macOS. The issue was originally discovered by a Microsoft security research team and could be abused by threat actors to install a malicious rootkit on the target Mac.

The good news is that if you are running the most current version of macOS, you are already protected from attacks using this vector. The vulnerability was related to the system integrity protection or SIP. The bug allowed bad actors to overwrite system files as well as install what researchers call "persistent, undetectable malware".

The reason why an issue with a different, arguably rival operating system, was discovered by Microsoft's own researchers is that Microsoft seems to be focusing more and more on large enterprise customers who operate networks that use both Windows and macOS.

As ZDNet reported, Microsoft seems to be working a lot in this direction, with the full launch of the company's Defender for Endpoint product in 2021. Defender for Endpoint is a solution that works not just on MS Windows systems but virtually on any OS, including Apple and Android, and can be a great tool in a "bring your own device" environment.

Microsoft's researchers noted that current-day networks are becoming increasingly diverse and are moving away from homogeneity and towards a mixture of operating systems and infrastructure. Concurrently with this, bad actors are working on more and more tools and innovative attack vectors that can target non-Windows systems.

The issue with macOS's system integrity protection has been cataloged under the handle CVE-2021-30892 and has already been patched by Apple.

Of course, this once again leads to the long-standing debate on whether or not Mac computers need anti-malware applications. There are still people who believe Macs are bulletproof and cannot be targeted by any virus or other form of malware. The last few years have shown unequivocally that Macs can be targeted and threat actors have made moves and advancements to target them.