Security News > 2023 > May > Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices.
"The most straight-forward implication of a SIP bypass is that an attacker can create files that are protected by SIP and therefore undeletable by ordinary means," Microsoft researchers Jonathan Bar Or, Michael Pearse, and Anurag Bohra said.
The bypass is made possible by leveraging a built-in macOS tool called Migration Assistant to activate the migration process via an AppleScript that's designed to ultimately launch an arbitrary payload. This, in turn, stems from the fact that systemmigrationd - the daemon used to handle device transfer - comes with the com.
Heritable entitlement, allowing all its child processes, including bash and perl, to bypass SIP checks.
"Bypassing SIP could lead to serious consequences, such as increasing the potential for attackers and malware authors to successfully install rootkits, create persistent malware, and expand the attack surface for additional techniques and exploits."
The findings come as Jamf Threat Labs disclosed details of a type confusion flaw in the macOS kernel that could be weaponized by a rogue app installed on the device to execute arbitrary code with kernel privileges.
News URL
https://thehackernews.com/2023/05/microsoft-details-critical-apple-macos.html
Related news
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Oracle warns that macOS 14.4 update breaks Java on Apple CPUs (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Hardware-level Apple Silicon vulnerability can leak cryptographic keys (source)
- New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys (source)
- New GoFetch Vulnerability in Apple’s M Chips Allows Secret Keys Leak on Compromised Computers (source)
- Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining (source)