CVE-2022-22639 is a recently discovered, already patched macOS vulnerability in suhelperd, a helper daemon process for Software Update in Apple’s operating system. It was discovered by Trend Micro researchers, who also provided a detailed analysis of the issue. More specifically, the researchers located the vulnerability in SUHelper.
CVE-2022-22639 macOS Root Privilege Escalation Vulnerability
The team discovered the vulnerability in suhelperd, a helper daemon process for Software Update in macOS. A class inside suhelperd known as SUHelper provides an essential system service through the inter-process communication (IPC) mechanism, and under specific circumstances it could trigger the vulnerability.
“The process runs as root and is signed with special entitlements, such as com.apple.rootless.install, which grants the process permission to bypass System Integrity Protection (SIP) restrictions. This combination of functionalities presents an attractive opportunity for malicious actors to exploit the vulnerability,” the report said.
If exploited successfully, the CVE-2022-22639 vulnerability could allow root privilege escalation. Fortunately, Apple was quick to resolve the issue and release a patch in macOS Monterey 12.3 (which contains other security fixes as well).
Another vulnerability that bypassed SIP protections was discovered in 2021. Shrootless, or CVE-2021-30892, is an OS-level vulnerability that could allow threat actors to circumvent the macOS security restrictions known as System Integrity Protection (SIP) and take over the device. Once this is done, hackers could perform arbitrary operations without being detected by security solutions. Details about the vulnerability were disclosed by Microsoft.