A vulnerability dangerous into macOS: the researchers of Microsoft Threat Intelligence they discovered a security hole called Migraine. The name comes from its link with themacOS Migration Assistant. And it could allow an attacker with root privileges to automatically bypass System Integrity Protection (SIP) in macOS and perform dangerous actions on a device.
Microsoft security researchers communicated these findings to Apple’s peers and perennial rivals via the program Coordinated Vulnerability Disclosure (CVD) di Microsoft Security Vulnerability Research (MSVR). A fix for this flaw, now known as CVE-2023-32369is already part of the security updates released by Apple on May 18, 2023.
The ability to bypass System Integrity Protection is particularly problematic. Indeed, SIP is a security technology in macOS that prevents a root user from performing operations that could harm system integritya.
Circumventing SIP could lead to serious consequences, such as facilitating the installation of rootkits by attackers and malware creators. This could make the malware more persistent and extend the attack surface for other techniques and exploits.
Microsoft expanded on this technique discovered in this blog article. And he explains that he spotted her during the routine malware investigation. Focusing on system processes that are signed by Apple and have the com.apple.rootless.install.heritablethe researchers found two child processes that could be altered to achieve arbitrary code execution in a security context that evaded SIP checks.
It doesn’t look like that no hackers exploited the security hole. But as always, it pays to update your Mac as soon as possible.
This post was last modified on June 15, 2023 3:44 pm
Instant GamingFor the month of May, PS Plus goes straight online: among the free games,…
Madame Web, the Sony Spider-Man spin-off film starring Dakota Johnson coming to Netflix, but when?After…
Canon celebrates the 20th anniversary of the SELPHY series, the range of compact photo printers…
That Miami GP will be a new beginning for McLaren, which has entered into a…
With the latest update, WhatsApp has introduced some interesting innovations - some quite eye-catching, such…
Initially born as a subscription service with benefits for GTA Online, GTA+ is renewed offering…