[原文]Orbicule Undercover allows attackers with physical or root access to disable the protection by using the chmod command to change the permissions of the /private/etc/uc.app/Contents/MacOS/uc file, which prevents the service from being started in LaunchDaemon.
Orbicule Undercover Permission Modification Local Disable
Local Access Required
Loss of Integrity
Undercover contains a flaw that may allow a malicious user to disable the application. The program is run by LaunchDaemon, and so an administrative user can trivially disable the protection resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.