Migraine, the macOS vulnerability discovered by Microsoft

A vulnerability dangerous into macOS: the researchers of Microsoft Threat Intelligence they discovered a security hole called Migraine. The name comes from its link with themacOS Migration Assistant. And it could allow an attacker with root privileges to automatically bypass System Integrity Protection (SIP) in macOS and perform dangerous actions on a device.

Migraine, the macOS vulnerability discovered by Microsoft

Microsoft security researchers communicated these findings to Apple’s peers and perennial rivals via the program Coordinated Vulnerability Disclosure (CVD) di Microsoft Security Vulnerability Research (MSVR). A fix for this flaw, now known as CVE-2023-32369is already part of the security updates released by Apple on May 18, 2023.

The ability to bypass System Integrity Protection is particularly problematic. Indeed, SIP is a security technology in macOS that prevents a root user from performing operations that could harm system integritya.

Circumventing SIP could lead to serious consequences, such as facilitating the installation of rootkits by attackers and malware creators. This could make the malware more persistent and extend the attack surface for other techniques and exploits.

Microsoft expanded on this technique discovered in this blog article. And he explains that he spotted her during the routine malware investigation. Focusing on system processes that are signed by Apple and have the com.apple.rootless.install.heritablethe researchers found two child processes that could be altered to achieve arbitrary code execution in a security context that evaded SIP checks.

It doesn’t look like that no hackers exploited the security hole. But as always, it pays to update your Mac as soon as possible.