Microsoft finds macOS bug that lets hackers bypass SIP root restrictions (Security News, May 2023)

Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control (TCC) security checks.
Apple has patched the vulnerability in security updates for macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, released two weeks ago, on May 18.
System Integrity Protection, also known as 'rootless,' is a macOS security mechanism that prevents potentially malicious software from altering certain folders and files by imposing restrictions on the root user account and its capabilities within protected areas of the operating system.
Microsoft's researchers found that attackers with root permissions could bypass SIP security enforcement by abusing the macOS Migration Assistant utility, a built-in macOS app that uses the systemmigrationd daemon with SIP-bypassing capabilities stemming from its com.
This is not the first such macOS vulnerability reported by Microsoft researchers in recent years: another SIP bypass, dubbed Shrootless, was reported in 2021 and allowed attackers to perform arbitrary operations on compromised Macs, escalate privileges to root, and potentially install rootkits on vulnerable devices.
More recently, Microsoft principal security researcher Jonathan Bar Or also found a security flaw known as Achilles that attackers could exploit to deploy malware via untrusted apps capable of bypassing Gatekeeper execution restrictions.