Apple recently addressed a security flaw that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers on Macs. This vulnerability, tracked as CVE-2024-44243, can be exploited by local attackers with root privileges in low-complexity attacks requiring user interaction.
Successful exploitation could allow attackers to bypass SIP restrictions without physical access, and then create persistent malware or access victims’ data. Apple has patched the vulnerability in security updates for macOS Sequoia 15.2, released on December 11, 2024.
This is not the first time Microsoft has discovered a significant macOS vulnerability. Other notable flaws include ‘Shrootless’ (CVE-2021-30892), which allows attackers to perform arbitrary operations on compromised Macs, and ‘Migraine’ (CVE-2023-32369), a security flaw that can be exploited to deploy malware via untrusted apps.
Apple’s SIP serves as a critical safeguard against malware, attackers, and other cybersecurity threats, so bypassing this protection could lead to severe consequences, emphasizing the need for comprehensive security solutions. Microsoft principal security researcher Jonathan Bar Or has been tracking multiple macOS vulnerabilities in recent years, including ‘powerdir’ (CVE-2021-30970), which lets attackers bypass Transparency, Consent, and Control (TCC) technology to access protected data.
Source: https://www.bleepingcomputer.com/news/security/microsoft-macos-bug-lets-hackers-install-malicious-kernel-drivers