Security News > 2023 > May > Microsoft finds macOS bug that lets hackers bypass SIP root restrictions

Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
2023-05-30 19:20

Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection to install "Undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control security checks.

Apple has patched the vulnerability in security updates for macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, released two weeks ago, on May 18.

System Integrity Protection, also known as 'rootless,' is a macOS security mechanism that prevents potentially malicious software from altering certain folders and files by imposing restrictions on the root user account and its capabilities within protected areas of the operating system.

Microsoft's researchers found that attackers with root permissions could bypass SIP security enforcement by abusing the macOS Migration Assistant utility, a built-in macOS app that uses the systemmigrationd daemon with SIP-bypassing capabilities stemming from its com.

This is not the first such macOS vulnerability reported by Microsoft researchers in recent years, with another SIP bypass dubbed Shrootless reported in 2021, allowing attackers to perform arbitrary operations on compromised Macs, escalate privileges to root, and potentially install rootkits on vulnerable devices.

More recently, Microsoft principal security researcher Jonathan Bar Or also found a security flaw known as Achilles that attackers could exploit to deploy malware via untrusted apps capable of bypassing Gatekeeper execution restrictions.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-finds-macos-bug-that-lets-hackers-bypass-sip-root-restrictions/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399