A newly discovered macOS vulnerability, identified as CVE-2024-44243, allows attackers to bypass System Integrity Protection (SIP). SIP is designed to prevent unauthorized modifications to the operating system, but this flaw lets threat actors load third-party kernel extensions, effectively circumventing that protection. Microsoft researchers discovered the issue, published a root cause analysis, and worked with Apple on a fix released in December 2024; users should install it to protect their systems.
This bypass could have serious consequences, giving attackers the ability to install rootkits, create persistent malware, and bypass Transparency, Consent, and Control (TCC) mechanisms. It expands the attack surface and could enable the execution of additional exploits. Microsoft's research highlights the difficulty of monitoring activity at the kernel level and the need for proactive monitoring to detect potential threats, particularly abuse of processes that carry special entitlements. Mickey Jin also independently reported the vulnerability to Apple.