Apple Fixes ‘Serious’ MacOS Security Exploit Found by Microsoft


Protect Your Access to the Internet

Apple has fixed a “serious” exploit that could let attackers bypass macOS System Integrity Protection (SIP) and install “undeletable” malware while accessing private data on a Mac. 

Microsoft, which first spotted the bug, says(Opens in a new window) the vulnerability (CVE-2023-32369(Opens in a new window) or “Migraine”) could allow an attacker to perform arbitrary operations on a Mac, hide malicious files from all monitoring tools, and expand the scope of the malware to attack the system’s kernel.

Apple introduced SIP with OS X El Capitan back in 2015. It’s a security mechanism for macOS that stops potential malware from changing folders and files by preventing applications from gaining root access to the operating system. 

As 9to5Mac notes(Opens in a new window), Microsoft found that SIP could be bypassed by exploiting a special entitlement designed by Apple that grants unrestricted root access to the macOS Migration Assistant tool, which helps users transfer data from a Mac or Windows PC to another Mac.

As the Migration Assistant Tool is usually only accessible during the setup process of a new user account, Microsoft altered the tool so that it could run while the user was still logged in and without physical access to the Mac. This alteration caused the app to crash, so security researchers ran Setup Assistant in debug mode, which disregarded changes made to the Migration Assistant Tool.

Recommended by Our Editors

At this point, the researchers created a small 1GB Time Machine backup that contained malware, before making an AppleScript that carried the malware and interacted with the Migration Assistant interface without the user noticing.

You don’t need to worry about the exploit if your Mac is running the latest version of macOS Ventura, macOS Monterey 12.6.6, or macOS Big Sur 11.7.7, released on May 18, as they all contain a patch. You can install the latest version of macOS by going to System Settings > General > Software Update.

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a…