A critical exploit discovered in Apple computers by Microsoft engineers
Microsoft has disclosed the discovery of a vulnerability in macOS that could potentially bypass Apple's System Integrity Protection (SIP) and enable arbitrary code execution on affected devices. The vulnerability, known as the "Migraine" exploit, is linked to the macOS Migration Assistant, a tool designed to facilitate data transfer between Macs and Windows PCs, 9to5Mac reports.
System Integrity Protection, introduced by Apple in 2015 with OS X El Capitan, enhances security by preventing unauthorized access and modification of system files at the root level. While disabling SIP is a complex task for users, Microsoft's findings reveal that attackers can exploit this vulnerability to gain access to crucial system files, thereby simplifying the installation of malware and rootkits.
Ordinarily, the Migration Assistant is only accessible during the initial setup process of a new user account, requiring a complete system sign-out and physical access to the computer. However, Microsoft demonstrated that it is possible to leverage the "Migraine" exploit without these limitations, raising concerns about potential risks.
To execute the exploit, Microsoft researchers modified the Migration Assistant utility to run without logging the user off. This modification caused the app to crash initially due to a codesign failure. However, by running the Setup Assistant in debug mode, the researchers bypassed the signature requirement and proceeded to the modified Migration Assistant. Although this method still required a disk to be restored and interaction with the interface, Microsoft went further by creating a small 1GB Time Machine backup with embedded malware. They used an AppleScript to automatically mount this backup and interact with the Migration Assistant interface, effectively importing malicious data onto the targeted Mac.
Fortunately, users running the latest version of macOS Ventura need not be concerned, as Apple promptly addressed the vulnerability following Microsoft's report. The fix was included in the macOS 13.4 update, which was released to the public on May 18. Apple publicly acknowledged the researchers from Microsoft for their assistance in safeguarding macOS.
If you have not yet updated your Mac, it is crucial to install the latest version of macOS immediately. To do so, navigate to System Settings > General > Software Update and follow the prompts to ensure your device is protected against potential exploits.
- Related News
- Porsche unveils electric bike that costs more than $15,000: Why is it so expensive?
- New Macs based M4 chip will get up to 512 GB of integrated memory, M4 is expected to be released in late 2024
- US scientists createсmicrochip for AI calculations performed at the speed of light
- When will world's first stable quantum computer appear?
- Swiss scientists create sensor powered by energy from sound vibrations
- When will Apple introduce new iPad Air, iPad Pro and MacBook Air and what do we know about them?
- Most read
month
week
day
- iPhone users are advised to disable iMessage: What risks are hidden in it? 1388
- New Macs based M4 chip will get up to 512 GB of integrated memory, M4 is expected to be released in late 2024 1129
- Problems with Android 15: NFC contactless payments no longer work on smartphones with updated operating systems 1075
- Pavel Durov gives interview to Tucker Carlson: From 3-hour interview, less than hour appears in final version 949
- What are the best selling smartphones in the world? 859
- Key Google Pixel feature will soon be available on iPhone as well 749
- AMD Ryzen 7 processor, 24 GB of RAM and only $550: Mechrevo presents inexpensive and powerful laptop (photo) 742
- Wildberries Travel service is already available for Armenia and other CIS countries 731
- The 5 most controversial buildings ever built: Bold design or complete failure? (photo) 730
- Black Shark smart ring from Xiaomi to have interesting characteristics and phenomenal autonomy: 180 days of operation without recharging (photo) 701
- Archive