Microsoft reveals more on a potentially major Apple macOS security flaw


  • Microsoft reveals in-depth analysis of a flaw it recently found in macOS
  • The bug is potentially dangerous since it allows threat actors to bypass SIP
  • SIP is a security feature designed to protect critical system files

Microsoft has released an in-depth technical analysis on CVE-2024-44243, a medium-severity macOS vulnerability which could allow attackers to deploy “undeletable” malware.

macOS devices come with System Integrity Protection (SIP), also known as "rootless", a security feature designed to protect critical system files and processes from being modified, even by users with root privileges. It was first introduced in macOS El Capitan, and is designed to restrict access to system directories and enforce code integrity.

SIP can be temporarily disabled for specific tasks, but doing so requires restarting the system in recovery mode and using Terminal commands.

Impacting entire OS security

The bug allows local attackers with root privileges to mount low-complexity attacks through which they can bypass SIP's root restrictions, even if they don’t have physical access to the target endpoint. As a result, they can install rootkits, malware that “cannot be deleted”, and work around Apple’s Transparency, Consent, and Control (TCC) security framework.

In its writeup, Microsoft described how destructive bypassing SIP can be: "Bypassing SIP impacts the entire operating system's security and could lead to severe consequences, emphasizing the necessity for comprehensive security solutions that can detect anomalous behavior from specially entitled processes," Redmond wrote.

“The challenge of detecting such threats is compounded by the inherent limitations in kernel-level visibility on macOS, making it difficult for traditional security measures to spot and mitigate these sophisticated attacks.”

The flaw was first discovered in late 2024 by both Microsoft and a separate security researcher, Mickey Jin, both of whom responsibly disclosed it to Apple, which addressed it on December 11, 2024, through macOS Sequoia 15.2.

While there is no word of abuse in the wild, users are still advised to apply the patch as soon as possible.
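A quick way to audit a Mac against the advice above is to compare its reported macOS version with the 15.2 release that carried the fix and to confirm SIP is still enabled. This is an added example, not code from the article, Microsoft or Apple; it assumes the fix is only present from macOS 15.2 onwards, as the article states, and parses the output format of Apple's `csrutil status` and `sw_vers` tools, which only exist on macOS.

```bash
#!/bin/sh
# Added example (not from the article, Microsoft or Apple): check a Mac for the
# macOS Sequoia 15.2 fix for CVE-2024-44243 and confirm SIP is still enabled.
# The helpers take strings so the logic can be exercised off-box; the live
# calls at the bottom only run on macOS, where sw_vers and csrutil exist.

# version_ge A B -> exit 0 when dotted version A >= B, compared per component.
version_ge() {
    a="$1"; b="$2"; i=1
    while [ $i -le 3 ]; do
        x=$(echo "$a" | cut -d. -f$i); y=$(echo "$b" | cut -d. -f$i)
        x=${x:-0}; y=${y:-0}            # missing component counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# patched_for_cve_2024_44243 VERSION -> "patched" or "needs-update".
# Assumption: the fix shipped in 15.2, so anything below is flagged for review.
patched_for_cve_2024_44243() {
    if version_ge "$1" "15.2"; then echo "patched"; else echo "needs-update"; fi
}

# sip_state CSRUTIL_OUTPUT -> "enabled", "disabled" or "unknown".
# csrutil prints e.g. "System Integrity Protection status: enabled."; a custom
# (partially relaxed) configuration is reported as unknown and needs a look.
sip_state() {
    case "$1" in
        *"status: enabled"*)  echo "enabled" ;;
        *"status: disabled"*) echo "disabled" ;;
        *)                    echo "unknown" ;;
    esac
}

# Live check on macOS only.
if [ "$(uname -s)" = "Darwin" ]; then
    ver=$(sw_vers -productVersion)
    echo "macOS $ver: $(patched_for_cve_2024_44243 "$ver")"
    echo "SIP: $(sip_state "$(csrutil status 2>/dev/null)")"
fi
```

A "needs-update" result or a SIP state other than "enabled" is the signal to patch or investigate; the script does not change any setting.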

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.