A newly revealed macOS vulnerability appropriately dubbed “Migraine” could allow a cyberattacker with root access to work around System Integrity Protections (SIP) in macOS, in order to gain remote code execution (RCE) and install rootkits, malware, and more.
The Microsoft Threat Intelligence team first discovered the bug, tracked under CVE-2023-32369.
“Bypassing SIP could lead to serious consequences, such as increasing the potential for attackers and malware authors to successfully install rootkits, create persistent malware, and expand the attack surface for additional techniques and exploits,” the Microsoft team reported.
After the Microsoft team disclosed their findings to Apple, a security update released on May 18 included a fix to the issue, the Microsoft team added.
Security Headache: SIP Protections No Magic Bullet
Zane Bond with Keeper Security explained in an emailed statement to Dark Reading that neither SIP nor Windows’ similar Windows Data Execution Prevention (DEP) are foolproof against RCE.
“What makes this flaw both notable and interesting is that it uses Apple’s own protection mechanisms to prevent victims from easily cleaning it up,” Bond says. “Every operating system has tried to implement some form of built-in sandbox, antivirus, or malware protection system such as Apple’s System Integrity Protection (SIP). Occasionally, even those built-in protections are breached.”
Mike Parkin with Vulcan Cyber reacted by email, characterizing the bug to Dark Reading as “fascinating,” and predicting that the more Apple locks down its security systems against these types of vulnerabilities, the more difficult it becomes for additional cybersecurity solutions to add value — thus leaving users totally reliant on Apple for protection.
“At the logical conclusion here, users will be forced to rely entirely on Apple’s built-in defenses which means breaking that means breaking it all,” Parkin adds of the walled garden issue.
How’s that for a major headache?