coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

GITBOOK-3972: change request with no subject merged in GitBook

Browse Source
This commit is contained in:
CPol 2023-06-09 15:35:48 +00:00 committed by gitbook-bot
parent 273f175b12
commit 01df2876d3
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sip.md
View File

@ -78,6 +78,15 @@ SIP also imposes several other restrictions. For instance, it disallows the **lo
## SIP Bypasses
### Prices
If an attacker manages to bypass SIP this is what he will earn:
* Read mail, messages, Safari history... of all users
* Grant permissions for webcam, microphone or anything (by directly writing over the SIP protected TCC database)
* Persistence: He could save a malware in a SIP protected location and not even toot will be able to delete it. Also he could tamper with MRT.
* Easiness to load kernel extensions (still other hardcore protections in place for this).
### Installer Packages
**Installer packages signed with Apple's certificate** can bypass its protections. This means that even packages signed by standard developers will be blocked if they attempt to modify SIP-protected directories.