Apple has multiple safeguards in place to protect its devices and ensure that malicious attackers never gain access to a device or to user information. But now, researchers at Microsoft have detected a bug in Apple's macOS, dubbed 'Migraine', that can cause headaches for Mac users.
Apple introduced System Integrity Protection (SIP), also known as 'rootless', in macOS Yosemite back in 2014. SIP essentially locks the system down even from the root user, leveraging the Apple sandbox to protect the entire platform.
In other words, it is a security technology that restricts a root user from performing operations that may compromise system integrity. One of the most important features of SIP is its filesystem restriction capability, which protects entire files and directories from being overwritten. While a user can turn off SIP manually, it is not an easy feat: the user must boot into the recovery OS, which requires physical access to the device. Bypassing SIP also has consequences, which include increasing the potential for attackers and malware developers to successfully install rootkits, create persistent malware, and open the door to additional techniques and exploits.
But now, researchers at Microsoft have detected a bug called Migraine (the name refers to Migration Assistant) in older versions of macOS that allows an attacker to bypass all the checks and balances Apple has put in place in macOS, in other words to bypass SIP, and make changes to a device's root files remotely.
What is more concerning is that the bug is so critical that simply patching the Migration Assistant does not work.
There are plenty of reasons for this. Microsoft, in a security blog, explained that an arbitrary bypass of SIP can have severe consequences, such as:
— It could lead to the creation of undeletable malware.
— It could also expand the attack surface for userland and kernel attacker techniques. “…possible for attackers to gain arbitrary kernel code execution. As Apple slowly disallows third party kernel extensions and transitions the Mac ecosystem towards their Endpoint Security framework, security solutions will no longer be able to monitor the kernel for malicious activity, including malicious code executions,” Microsoft explained in its security blog.
— It could allow hackers to tamper with the integrity of the system, effectively enabling rootkits.
— Lastly, it could allow attackers to gain access to all of a user's private data. “attackers could replace databases that control Transparency, Consent, and Control (TCC) policies (TCC.db), effectively granting arbitrary applications access to private data and peripherals,” the company added.
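The two protections discussed above, SIP itself and the SIP-protected system TCC database, are what a defender would want to verify after this news. The following script is an added example, not code from the article or from Microsoft's write-up: it parses `csrutil status` and the BSD file flags of the system-wide TCC.db (the `restricted` flag is what SIP's filesystem restriction places on protected paths), with the parsing kept separate from data collection so it can be exercised with constructed sample strings on any POSIX shell.

```shell
#!/bin/sh
# Added example (not from the article or Microsoft's blog): baseline audit that
# SIP is enabled and that the system TCC database still carries the SIP
# "restricted" file flag. Live collection only runs on macOS (Darwin).

# Return 0 when csrutil's status output reports SIP enabled, 1 otherwise.
sip_enabled_from_status() {
  case "$1" in
    *"System Integrity Protection status: enabled"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Return 0 when a comma-separated BSD file-flag list (as printed by
# `stat -f %Sf` or `ls -lO`) contains the "restricted" flag, 1 otherwise.
has_restricted_flag() {
  case ",$1," in
    *,restricted,*) return 0 ;;
    *) return 1 ;;
  esac
}

# Live audit of this machine; returns 0 if both checks pass, 1 otherwise.
audit_sip_and_tcc() {
  tcc_db="/Library/Application Support/com.apple.TCC/TCC.db"  # system-wide TCC database
  status="$(csrutil status 2>/dev/null)"
  flags="$(stat -f %Sf "$tcc_db" 2>/dev/null)"
  rc=0
  if sip_enabled_from_status "$status"; then
    echo "SIP: enabled"
  else
    echo "SIP: NOT enabled (recovery-OS change or bypass); investigate"; rc=1
  fi
  if has_restricted_flag "$flags"; then
    echo "TCC.db: SIP 'restricted' flag present"
  else
    echo "TCC.db: 'restricted' flag missing (flags: '$flags'); possible tampering"; rc=1
  fi
  return $rc
}

# Only collect live data on macOS; the parsing functions work anywhere.
if [ "$(uname -s)" = "Darwin" ]; then
  audit_sip_and_tcc || echo "audit: one or more checks failed"
fi
```

On a patched Mac with SIP on, both lines report the protected state; a missing `restricted` flag on TCC.db is the kind of integrity deviation the consequences above describe and is worth an incident-response look.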
Thankfully, users don't have to do much to safeguard their PCs and laptops against this bug. This vulnerability was patched in the security updates released by Apple on May 18, 2023. So, users who have turned on auto-download for updates on their PCs have nothing to worry about. However, users who need to download updates on their Apple PCs manually need to update their devices as soon as possible.
Author Name | Shweta Ganjoo