Security Unlocked 12.22.21
Ep 54 | 12.22.21

I am Shroot-less

Show Notes

Microsoft works around the clock to protect their customers, no matter what product they’re using, Microsoft or otherwise. In some instances Microsoft teams up with other companies, creating an all-star cybersecurity team, to handle newly discovered vulnerabilities. It helps everyone stay more secure, and of course, that's the ultimate goal, right?  

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are re-joined by Jonathan Bar Or, Principal Security Researcher at Microsoft. Jonathan discusses the recently discovered vulnerability that could let attackers bypass System Integrity Protection (SIP) in macOS, why he believes in investing in cross-platform protection, and the importance of collaboration between security researchers, software vendors, and the larger security community.   

In This Episode You Will Learn

  • What is System Integrity Protection (SIP) 
  • How attackers can bypass SIP 
  • How attackers can use the Shrootless vulnerability 

 Some Questions We Ask: 

  • How did you find the Shrootless vulnerability? 
  • How do you decide what products to assess? 
  • How does the process of submitting a vulnerability to Apple work? 

Resources:   

Microsoft finds new macOS vulnerability - Shrootless 

View Jonathan Bar Or on LinkedIn 

View Nic on LinkedIn  

View Natalia on LinkedIn  

Related:   

Listen to: Security Unlocked: CISO Series with Bret Arsenault     

Listen to: Afternoon Cyber Tea with Ann Johnson    

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.