Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

More than two years ago, the researcher A2nkF published the details of an interesting exploit chain on the Objective-See blog. He walked through the chain from root privilege escalation, to SIP bypass, to arbitrary kernel extension loading.

After diving into the second vulnerability of the exploit chain, Trend Micro researchers found that Apple's patch for this issue could be bypassed in several ways. Apple then released an update to address the issues (CVE-2022-26690, CVE-2022-32786, and a few more), crediting this investigation.

Incidentally, Trend Micro also disclosed more than 15 new SIP-bypass vulnerabilities to Apple and presented some of them at the POC2022 security conference. This is the second entry of a three-part series of blog posts. The first entry introduced SIP and discussed the entitlements of special daemon services.

Source: Trend Micro