11:47
11:47
21:54
12:30
12:29
20:45
11:47
11:47
21:54
12:30
12:29
20:45
11:47
11:47
21:54
12:30
12:29
20:45
11:47
11:47
21:54
12:30
12:29
20:45
Microsoft has identified a critical vulnerability in macOS that could allow attackers to bypass the System Integrity Protection (SIP) feature, leading to potential arbitrary code execution on affected devices.
The exploit, dubbed "Migraine," uses specific permissions in the macOS Migration Assistant to gain unrestricted root access and manipulate system files. This SIP security issue poses a serious threat because it allows malware and rootkits to be installed.
Typically, the Migration Assistant is only accessible during the initial setup of a new user account, requiring physical access and a complete system sign-out. However, Microsoft researchers have demonstrated a method to bypass these limitations. By modifying the Migration Assistant and running the Setup Assistant in debug mode, they were able to bypass the setup process and gain access to the vulnerable tool.
To further exploit the vulnerability, a small malicious Time Machine backup was created and automatically mounted, seamlessly importing the compromised data without user detection.
Upon discovering the "Migraine" exploit, Microsoft notified Apple, which promptly addressed the issue with the macOS 13.4 update, released on May 18. Users are urged to update their Macs to the latest version of macOS Ventura immediately to ensure their systems are protected.