Microsoft discovers a major security flaw in Apple Mac computers


Microsoft security researchers have discovered a vulnerability not in Windows, but in macOS, the operating system used by Apple computers.


The flaw, named Migraine and listed as CVE-2023-32369, allows attackers who already have root privileges to bypass important security measures and gain access to a victim’s private data. The vulnerability was reported to Apple by the Microsoft team, and Apple has since released security updates to address the issue. These updates, released on May 18, are macOS Ventura 13.4, macOS Monterey 12.6.6 and macOS Big Sur 11.7.7. This is not the first time that such a flaw has been reported by Microsoft.

The security mechanism in question is called System Integrity Protection (SIP), or “rootless”. It prevents potentially harmful software from modifying specific files and folders by imposing restrictions on the root user account and its abilities in protected areas of the operating system.


macOS is less secure than you might think

SIP ensures that only processes signed by Apple or with special rights can make changes to protected components of macOS. Disabling SIP requires rebooting the system and booting from macOS Recovery, which can only be done with physical access to a compromised device.

However, Microsoft researchers found that attackers who already hold root privileges can bypass SIP by exploiting the macOS Migration Assistant utility. By using AppleScript to automate the migration process and adding a malicious payload to SIP’s exclusion list, attackers can launch their code without rebooting the system or booting from macOS Recovery.


Bypassing SIP presents significant risks, as it allows malicious code to have widespread impact, including creating malware that cannot be easily removed. It also expands the attack surface, potentially allowing attackers to alter system integrity, execute arbitrary kernel code and install rootkits to hide malicious files.

In addition, circumventing SIP also bypasses Transparency, Consent, and Control (TCC) policies, which protect user data. Attackers can overwrite TCC databases and gain unrestricted access to a victim’s private information.
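As an added example (not code from the article or from Microsoft's research), the following POSIX shell script checks whether a Mac's reported macOS version is at or above the updates listed above (13.4, 12.6.6, 11.7.7) and whether `csrutil` reports SIP as enabled; the version-comparison helper and the sample version strings are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the article: verify that a Mac carries Apple's fix for
# CVE-2023-32369 (per the article: 13.4, 12.6.6, 11.7.7) and that SIP is enabled.
# Only reads system state; it never changes SIP or any protected path.

# version_ge A B: returns 0 if dotted version A >= B, 1 otherwise.
# A trailing dot is appended so that cut yields an empty field past the end.
version_ge() {
    a="$1"; b="$2"; i=1
    while :; do
        x=$(printf '%s.' "$a" | cut -d. -f"$i")
        y=$(printf '%s.' "$b" | cut -d. -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then return 0; fi   # all fields equal
        x=${x:-0}; y=${y:-0}                                # missing field -> 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
}

# migraine_patched VERSION: 0 if the version includes the fix, 1 if it needs the
# update, 2 if the major release is not one of the three trains the article names.
migraine_patched() {
    v="$1"
    major=$(printf '%s.' "$v" | cut -d. -f1)
    case "$major" in
        13) version_ge "$v" 13.4 ;;
        12) version_ge "$v" 12.6.6 ;;
        11) version_ge "$v" 11.7.7 ;;
        *)  return 2 ;;
    esac
}

# sip_enabled: 0 when csrutil reports SIP enabled (macOS only).
sip_enabled() {
    csrutil status 2>/dev/null | grep -q 'status: enabled'
}

# Run the checks only on a real Mac; elsewhere the functions are just defined.
if command -v sw_vers >/dev/null 2>&1; then
    current=$(sw_vers -productVersion)
    if migraine_patched "$current"; then
        echo "macOS $current: includes the CVE-2023-32369 fix"
    else
        echo "macOS $current: update needed, or release not covered by this check"
    fi
    if sip_enabled; then echo "SIP: enabled"; else echo "SIP: not enabled, investigate"; fi
fi
```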