MacOS vulnerability addressed by Microsoft

MacOS bug could let hackers bypass SIP restrictions

2 Mins Read

PUREVPNNewsMacOS bug could let hackers bypass SIP restrictions

Apple recently addressed a vulnerability that allowed attackers with root privileges to bypass System Integrity Protection (SIP) and install “undeletable” malware. This flaw, called Migraine (CVE-2023-32369), was discovered by Microsoft security researchers and patched by Apple in recent security updates.

What’s SIP?

System Integrity Protection (SIP), also called ‘rootless,’ is a security feature in macOS that prevents unauthorized software from modifying specific files and folders. It ensures that only trusted processes, signed by Apple or possessing specific entitlements, can change the operating system’s protected parts.

Source: Macsales

However, the researchers found that attackers with root permissions could bypass SIP by

  • exploiting the macOS Migration Assistant utility. 
  • With its special entitlements, this utility had the ability to bypass SIP checks. Attackers could execute their code without restarting the system by automating the migration process and adding a malicious payload to SIP’s exclusions list.

https://www.microsoft.com/en-us/videoplayer/embed/RW14MaR

What’s the danger?

Bypassing SIP has significant risks, as it 

  • allows for creating SIP-protected malware that cannot be easily removed.
  • Expands the attack surface and enables attackers to tamper with system integrity, potentially installing rootkits to hide malicious processes and files.
  • Enables attackers to bypass Transparency, Consent, and Control (TCC) policies, gaining unrestricted access to the victim’s private data. 
  • Vulnerability adds to previous SIP bypasses discovered by Microsoft researchers, highlighting the importance of ongoing security efforts to protect macOS users.

Source: Microsoft

Overall, addressing these vulnerabilities and ensuring the integrity of SIP is crucial for maintaining the security and privacy of macOS users’ data and preventing unauthorized access by malicious actors.

Conclusive remarks

The significance of this vulnerability lies in the unauthorized access to sensitive information and the ability to tamper with system integrity. Apple’s prompt response in patching the vulnerability demonstrates its commitment to user security.

By continuously addressing vulnerabilities like this and staying proactive in our security measures, we can better protect our data and avoid potential threats in the ever-evolving digital landscape.

author

PureVPN

date

May 31, 2023

time

12 months ago

PureVPN is a leading VPN service provider that excels in providing easy solutions for online privacy and security. With 6000+ servers in 65+ countries, It helps consumers and businesses in keeping their online identity secured.

Related Stories

Apple and Google Introduce Alerts for Hidden Bluetooth Trackers on iOS and Android

Apple and Google Introduce Alerts for Hidden Bluetooth Trackers on iOS and Android
Posted on May 16, 2024
Phorpiex Botnet Sends Millions of Emails in LockBit Black Ransomware Attack

Phorpiex Botnet Sends Millions of Emails in LockBit Black Ransomware Attack
Posted on May 14, 2024
South Australia Wants to Ban Social Media for Kids, Soaring VPN Searches

South Australia Wants to Ban Social Media for Kids, Soaring VPN Searches
Posted on May 14, 2024

Have Your Say!!

Join 3 million+ users to embrace internet freedom

Signup for PureVPN to get complete online security and privacy with a hidden IP address and encrypted internet traffic.

Get PureVPN