"Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass"

Microsoft has disclosed information about a now-patched vulnerability in Apple macOS that could be exploited by threat actors with root access to circumvent security protections and execute arbitrary actions on impacted devices. The vulnerability, dubbed Migraine and tracked as CVE-2023-32369, could be exploited to bypass System Integrity Protection (SIP) or "rootless," which limits the actions the root user can perform on protected files and folders. According to Microsoft researchers, the most straightforward implication of a SIP bypass is that an attacker is able to create files protected by SIP and, as a result, cannot be deleted through ordinary means. In addition, it could be exploited to gain arbitrary kernel code execution and access sensitive data by replacing databases managing Transparency, Consent, and Control (TCC) policies. The bypass is possible through the use of a built-in macOS tool called Migration Assistant to activate the migration process via an AppleScript designed to execute an arbitrary payload. This article continues to discuss details shared by Microsoft regarding the now-patched Apple macOS flaw.

THN reports "Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass"