I am Shroot-less
Microsoft works around the clock to protect their customers, no matter what product they’re using, Microsoft or otherwise. In some instances Microsoft teams up with other companies, creating an all-star cybersecurity team, to handle newly discovered vulnerabilities. It helps everyone stay more secure, and of course, that's the ultimate goal, right?
In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are re-joined by Jonathan Bar Or, Principal Security Researcher at Microsoft. Jonathan discusses the recently discovered vulnerability that could let attackers bypass System Integrity Protection (SIP) in macOS, why he believes in investing in cross-platform protection, and the importance of collaboration between security researchers, software vendors, and the larger security community.
In This Episode You Will Learn:
- What is System Integrity Protection (SIP)
- How attackers can bypass SIP
- How attackers can use the Shrootless vulnerability
Some Questions We Ask:
- How did you find the Shrootless vulnerability?
- How do you decide what products to assess?
- How does the process of submitting a vulnerability to Apple work?
Resources:
Microsoft finds new macOS vulnerability - Shrootless
View Jonathan Bar Or on LinkedIn
View Nic on LinkedIn
View Natalia on LinkedIn
Related:
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Listen to: Afternoon Cyber Tea with Ann Johnson
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.