The Cloud Consultancy Europe Ltd.
+44 (0) 203 637 6667 [email protected]

Source: InfosecurityMagazine  By: Phil Muncaster

A new vulnerability has been discovered in macOS that allows attackers with root access to bypass System Integrity Protection (SIP) and perform arbitrary operations on affected devices.

Discovered by Microsoft and dubbed “Migraine,” the flaw was disclosed to Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

SIP is a security technology implemented in macOS that prevents a root user from compromising system integrity. Also known as “rootless,” SIP was introduced by Apple in macOS Yosemite as a security measure. It restricts root user access to sensitive system files and directories.

Technically speaking, SIP cannot be disabled on a live system and instead requires physical access to the device through the recovery OS. A SIP bypass allows an attacker to override SIP-protected directories and files.

Bypassing SIP could therefore lead to the installation of rootkits, the creation of persistent malware and an expanded attack surface for further exploits.

Microsoft explained that the technique used to exploit the vulnerability is similar to the one found in the Shrootless vulnerability (tracked CVE-2021-30892) published in 2021.

“By focusing on system processes that are signed by Apple and have the entitlement, we found two child processes that could be tampered with to gain arbitrary code execution in a security context that bypasses SIP checks,” reads a Microsoft advisory published Tuesday.

The tech giant confirmed Apple has released security updates on May 18 2023, addressing the issue identified as CVE-2023-32369.

“A logic issue was addressed with improved state management,” Apple wrote in its security bulletin, crediting Microsoft researchers Jonathan Bar Or, Anurag Bohra and Michael Pearse for the discovery.

According to Microsoft, the discovery of the Migraine vulnerability highlights the importance of continuous research and collaboration in mitigating security risks across platforms.

In adjacent news, Microsoft, Apple and Google have recently teamed up on passwordless standards.


Source: InfosecurityMagazine  By: Phil Muncaster


Whatever your business, however big or small it is, you will receive phishing attacks at some point. Think about how you will help your staff understand the threat and how to spot phishing. As with other advice, give them the tools to defend against it in their personal lives and they will bring that behaviour back to work. Let The Cloud Consultancy secure your business.