Microsoft: macOS bug lets hackers install malicious kernel drivers

Source: BleepingComputer Author: Sergiu Gatlan URL: https://www.bleepingcomputer.com/news/security/microsoft-macos-bug-lets-hackers-install-malicious-kernel-drivers/

ONE SENTENCE SUMMARY:

Apple fixed a macOS vulnerability allowing local attackers to bypass SIP and install malicious drivers without physical access.

MAIN POINTS:

  1. Apple addressed a vulnerability allowing SIP bypass and malicious kernel driver installation.
  2. System Integrity Protection (SIP) restricts software modifications in protected macOS areas.
  3. SIP restricts changes to Apple-signed processes and entitlements.
  4. Exploitable flaw tracked as CVE-2024-44243 affects the Storage Kit daemon.
  5. Attackers can exploit SIP bypass locally, requiring user interaction.
  6. Successful exploitation could lead to persistent malware installation and data access.
  7. Apple issued a patch in December 2024 for macOS Sequoia 15.2.
  8. Microsoft asserts SIP is crucial for macOS malware protection.
  9. Previous SIP bypass vulnerabilities include ‘Shrootless’ and ‘Migraine.’
  10. Researchers have identified multiple security flaws impacting macOS and SIP.

TAKEAWAYS:

  1. Always keep macOS updated to protect against vulnerabilities.
  2. SIP is essential for maintaining macOS security integrity.
  3. Local attacks remain a significant threat to macOS systems.
  4. Relying solely on SIP isn’t enough; additional security measures are recommended.
  5. Understanding previous vulnerabilities can help in preventing future attacks.