A critical exploit discovered in Apple computers by Microsoft engineers

May 31, 2023  15:05

Microsoft has disclosed the discovery of a vulnerability in macOS that could potentially bypass Apple's System Integrity Protection (SIP) and enable arbitrary code execution on affected devices. The vulnerability, known as the "Migraine" exploit, is linked to the macOS Migration Assistant, a tool designed to facilitate data transfer between Macs and Windows PCs, 9to5Mac reports.

System Integrity Protection, introduced by Apple in 2015 with OS X El Capitan, enhances security by preventing unauthorized access and modification of system files at the root level. While disabling SIP is a complex task for users, Microsoft's findings reveal that attackers can exploit this vulnerability to gain access to crucial system files, thereby simplifying the installation of malware and rootkits.

Ordinarily, the Migration Assistant is only accessible during the initial setup process of a new user account, requiring a complete system sign-out and physical access to the computer. However, Microsoft demonstrated that it is possible to leverage the "Migraine" exploit without these limitations, raising concerns about potential risks.

To execute the exploit, Microsoft researchers modified the Migration Assistant utility to run without logging the user off. This modification caused the app to crash initially due to a codesign failure. However, by running the Setup Assistant in debug mode, the researchers bypassed the signature requirement and proceeded to the modified Migration Assistant. Although this method still required a disk to be restored and interaction with the interface, Microsoft went further by creating a small 1GB Time Machine backup with embedded malware. They used an AppleScript to automatically mount this backup and interact with the Migration Assistant interface, effectively importing malicious data onto the targeted Mac.

Fortunately, users running the latest version of macOS Ventura need not be concerned, as Apple promptly addressed the vulnerability following Microsoft's report. The fix was included in the macOS 13.4 update, which was released to the public on May 18. Apple publicly acknowledged the researchers from Microsoft for their assistance in safeguarding macOS.

If you have not yet updated your Mac, it is crucial to install the latest version of macOS immediately. To do so, navigate to System Settings > General > Software Update and follow the prompts to ensure your device is protected against potential exploits.
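
To check several Macs at once, the script below classifies each one against the macOS 13.4 fix named above and its SIP state, using the output of `sw_vers -productVersion` and `csrutil status`. It is an added example, not code from Microsoft, Apple or the original article. The host names and inventory lines are constructed, releases after 13.4 are assumed to carry the fix, and versions before Ventura are reported as unknown because the article names only the 13.4 fix.

```bash
# Added example: triage Macs against the fix version named in the article (13.4).
FIXED_MAJOR=13
FIXED_MINOR=4

# fix_state VERSION -> patched | unpatched | unknown
fix_state() {
  local major rest minor
  major=${1%%.*}
  rest=${1#*.}
  if [ "$rest" = "$1" ]; then rest=0; fi      # "13" has no minor part
  minor=${rest%%.*}
  case "$major" in ''|*[!0-9]*) echo unknown; return ;; esac
  case "$minor" in ''|*[!0-9]*) echo unknown; return ;; esac
  if [ "$major" -gt "$FIXED_MAJOR" ]; then echo patched       # assumption: later releases keep the fix
  elif [ "$major" -lt "$FIXED_MAJOR" ]; then echo unknown     # article names only the Ventura fix
  elif [ "$minor" -ge "$FIXED_MINOR" ]; then echo patched
  else echo unpatched
  fi
}

# sip_state "CSRUTIL OUTPUT" -> enabled | disabled | unknown
sip_state() {
  case "$1" in
    *"status: enabled"*)  echo enabled ;;
    *"status: disabled"*) echo disabled ;;
    *)                    echo unknown ;;
  esac
}

# audit_inventory: reads "host|version|csrutil output" lines on stdin
audit_inventory() {
  local host ver sip
  while IFS='|' read -r host ver sip; do
    [ -n "$host" ] || continue
    printf '%s fix=%s sip=%s\n' "$host" "$(fix_state "$ver")" "$(sip_state "$sip")"
  done
}

# Constructed sample inventory (hypothetical hosts), one line per Mac.
sample_inventory() {
  cat <<'EOF'
mac-a|13.3.1|System Integrity Protection status: enabled.
mac-b|13.4|System Integrity Protection status: enabled.
mac-c|13.4.1|System Integrity Protection status: disabled.
mac-d|12.6.5|System Integrity Protection status: enabled.
EOF
}
sample_inventory | audit_inventory
```

A host reported as `fix=unpatched` needs the update. A host reported as `sip=disabled` is worth reviewing on its own, since SIP is the protection this vulnerability bypasses.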
