Critical SIP Bypass Vulnerabilities in macOS PackageKit.framework

I think the issue is that SIP is supposed to be like “beyond root”.<p>Because many installs (heck, going to a page with invalid cert in Safari!) ask for an admins password to install, which gives escalated privileges up to root.<p>So they added a level that requires higher than root access.<p>With this vulnerability, someone typing their password could allow beyond root privileges.<p>That is my simplified parsing of things.<p>Note - I didn’t read the article. I’m not in security. But I did live with Dan Kaminsky for close to 5 years. RIP :&#x2F;

Probably the dumbest thing I&#x27;ve said, but, just skim read as I&#x27;m no expert and these detailed reports go over my head.<p>Why is it such a bad vulnerability if it requires a sudo command?

Can I use this to actually disable&#x2F;delete Apple Music so it doesn&#x27;t open automatically when I press a button on my headphones etc

What is this &quot;shove&quot; operation and how is it different than moving a file the normal way?