Source: BleepingComputer
Author: Sergiu Gatlan
URL: https://www.bleepingcomputer.com/news/security/microsoft-macos-bug-lets-hackers-install-malicious-kernel-drivers/

ONE SENTENCE SUMMARY: Apple fixed a macOS vulnerability allowing local attackers to bypass SIP and install malicious drivers without physical access.

MAIN POINTS:

- Apple addressed a vulnerability allowing SIP bypass and malicious kernel driver installation.
- System Integrity Protection (SIP) restricts software modifications in protected macOS areas.
- SIP restricts changes to Apple-signed processes and entitlements.
- The exploitable flaw, tracked as CVE-2024-44243, affects the Storage Kit daemon.
- Attackers can exploit the SIP bypass locally; exploitation requires user interaction.
- Successful exploitation could lead to persistent malware installation and data access.
- Apple issued a patch in December 2024 for macOS Sequoia 15.2.
- Microsoft asserts SIP is crucial for macOS malware protection.
- Previous SIP bypass vulnerabilities include ‘Shrootless’ and ‘Migraine.’
- Researchers have identified multiple security flaws impacting macOS and SIP.

TAKEAWAYS:

- Always keep macOS updated to protect against vulnerabilities.
- SIP is essential for maintaining macOS security integrity.
- Local attacks remain a significant threat to macOS systems.
- Relying solely on SIP isn’t enough; additional security measures are recommended.
- Understanding previous vulnerabilities can help in preventing future attacks.