Microsoft flags macOS bug — remotely bypassing Apple's sophisticated System Integrity Protection (SIP) security solution and allowing unauthorized third-party rootkit installs


Microsoft uncovered a critical security vulnerability (tracked as CVE-2024-44243) affecting Apple's macOS (via Bleeping Computer). The threat allowed bad actors to circumvent the iPhone maker's System Integrity Protection (SIP), granting them access to the macOS kernel by loading third-party code.

For context, SIP is a security feature designed to block malware from accessing important data in the operating system by restricting the root user account's privileges in critical areas. If the feature is bypassed, attackers can make unauthorized changes to privileged and important files and folders.


It's worth noting that SIP limits access to the operating system's critical components to Apple-authorized processes, which makes it difficult to make the kind of security-relevant modifications that attackers could exploit to gain unauthorized access to privileged information. The feature can only be disabled during the operating system's recovery and restart process, which typically requires physical access to the device.

However, the vulnerability allowed attackers to disable the security feature remotely and install rootkits. With that access to the operating system, they could inject malware and bypass further security features, including Transparency, Consent, and Control (TCC) checks, to gain unauthorized access to sensitive user data.

According to Microsoft:

"System Integrity Protection (SIP) serves as a critical safeguard against malware, attackers, and other cybersecurity threats, establishing a fundamental layer of protection for macOS systems. Bypassing SIP impacts the entire operating system's security and could lead to severe consequences, emphasizing the necessity for comprehensive security solutions that can detect anomalous behavior from specially entitled processes."

While the security flaw has been patched, Microsoft reiterates the need for comprehensive security tools that help users identify when their operating systems have been compromised. Microsoft also recommends restricting third-party extensions from running in the kernel, which could reduce the occurrence of such security flaws.
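For administrators acting on that advice, the sketch below is an added example (not from Microsoft or the article) that classifies `csrutil status` output and lists loaded kernel extensions outside Apple's `com.apple.` namespace. The function names and the sample output are constructed for illustration; on a real Mac the input would come from `csrutil status` and `kmutil showloaded`.

```shell
#!/usr/bin/env bash
# Added example (not from the article): parse macOS audit output offline.
# On a Mac:  audit_host "$(csrutil status)" "$(kmutil showloaded 2>/dev/null)"

# Classify `csrutil status` text on stdin: enabled | disabled | custom | unknown.
sip_state() {
  local out; out=$(cat)
  case "$out" in
    *"Custom Configuration"*) echo custom ;;   # some protections switched off
    *"status: enabled"*)      echo enabled ;;
    *"status: disabled"*)     echo disabled ;;
    *)                        echo unknown ;;
  esac
}

# Print bundle IDs of loaded kexts outside the com.apple. namespace.
# A bundle ID is only a name, so treat this as triage, not proof of origin.
third_party_kexts() {
  awk '{
    for (i = 1; i < NF; i++)
      if ($i ~ /^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$/ && $(i + 1) ~ /^\(/) {
        if ($i !~ /^com\.apple\./) print $i
        break
      }
  }'
}

# One report line per host: OK only if SIP is enabled and no third-party kext is loaded.
audit_host() {   # $1 = csrutil status output, $2 = kext listing
  local sip kexts status=REVIEW
  sip=$(printf '%s\n' "$1" | sip_state)
  kexts=$(printf '%s\n' "$2" | third_party_kexts | sort -u | paste -sd, -)
  if [ "$sip" = enabled ] && [ -z "$kexts" ]; then status=OK; fi
  echo "sip=$sip third_party_kexts=${kexts:-none} status=$status"
}

# Constructed sample input (not captured from a real machine).
SAMPLE_SIP='System Integrity Protection status: disabled.'
SAMPLE_KEXTS='Index Refs Address            Size    Wired   Name (Version) UUID <Linked Against>
    1  142 0xffffff8000200000 0x12000 0x12000 com.apple.kpi.bsd (23.1.0) 11111111-2222-3333-4444-555555555555
   52    0 0xffffff7f81000000 0x5000  0x5000  com.example.driver.SampleFS (1.2.0) AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE <8 6 5 3 1>'

audit_host "$SAMPLE_SIP" "$SAMPLE_KEXTS"
```

A `REVIEW` result is a prompt to check the host, since legitimately installed third-party extensions will also appear in the list.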

Kevin Okemwa
Contributor