Security News > 2023 > May > Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection to install "Undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control security checks.
Apple has patched the vulnerability in security updates for macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, released two weeks ago, on May 18.
System Integrity Protection, also known as 'rootless,' is a macOS security mechanism that prevents potentially malicious software from altering certain folders and files by imposing restrictions on the root user account and its capabilities within protected areas of the operating system.
Microsoft's researchers found that attackers with root permissions could bypass SIP security enforcement by abusing the macOS Migration Assistant utility, a built-in macOS app that uses the systemmigrationd daemon with SIP-bypassing capabilities stemming from its com.
This is not the first such macOS vulnerability reported by Microsoft researchers in recent years, with another SIP bypass dubbed Shrootless reported in 2021, allowing attackers to perform arbitrary operations on compromised Macs, escalate privileges to root, and potentially install rootkits on vulnerable devices.
More recently, Microsoft principal security researcher Jonathan Bar Or also found a security flaw known as Achilles that attackers could exploit to deploy malware via untrusted apps capable of bypassing Gatekeeper execution restrictions.
News URL
Related news
- North Korean hackers create Flutter apps to bypass macOS security (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Cisco bug lets hackers run commands as root on UWRB access points (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Microsoft investigates OneDrive issue causing macOS app freezes (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Hackers use macOS extended file attributes to hide malicious code (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)