Microsoft flags macOS bug — remotely bypassing Apple's sophisticated System Integrity Protection (SIP) security solution and allowing unauthorized third-party rootkit installs

News
By
published

A security flaw allowed bad actors to bypass Apple's SIP, allowing them to disable the security feature remotely and install rootkits.

Apple Store in Bangkok, Thailand
(Image credit: Kevin Okemwa | Windows Central)

Microsoft uncovered a critical security vulnerability (tracked as CVE-2024-44243) affecting Apple's macOS (via Bleeping Computer). The threat allowed bad actors to circumvent the iPhone maker's System Integrity Protection (SIP), granting them access to the macOS kernel by loading third-party code.

For context, SIP is a security feature designed to block malware from accessing important data in the operating system by restricting the root user account's privileges in critical areas. As such, if the security feature is bypassed, the operating system becomes susceptible to malicious ploys by attackers, allowing them to make unauthorized changes to privileged and important files and folders.

Related: Microsoft blocks Secure Boot loophole, protecting Windows 11 from firmware attacks

It's worth noting that the security feature limits access to the operating system's critical components to Apple-authorized processes. As such, it's difficult to make important operating system security modifications that attackers could exploit to gain unauthorized access to privileged information. The security feature can only be disabled during the operating system's recovery and restart process, which typically requires physical access to the device.

However, the vulnerability highlighted allowed hackers to disable the security feature remotely, allowing them to install rootkits. With access to the operating system, the attackers could inject malware, bypassing more security features, including Transparency, Consent, and Control (TCC) security checks to gain unauthorized access to intricate user data.

According to Microsoft:

"System Integrity Protection (SIP) serves as a critical safeguard against malware, attackers, and other cybersecurity threats, establishing a fundamental layer of protection for macOS systems. Bypassing SIP impacts the entire operating system's security and could lead to severe consequences, emphasizing the necessity for comprehensive security solutions that can detect anomalous behavior from specially entitled processes."

While the security flaw has been patched, Microsoft reiterates the need for elaborate security tools that could help users easily identify when their operating systems have been compromised. Microsoft also recommends restricting third-party extensions from running in the kernel, potentially reducing the occurrence of such security flaws.

TOPICS
CATEGORIES
Kevin Okemwa
Kevin Okemwa
Contributor

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry at Windows Central. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. You'll also catch him occasionally contributing at iMore about Apple and AI. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.