This macOS Flaw Allows hackers to Install "Non-removable" Malware on Mac - How to Stay Safe

This macOS Flaw Allows hackers to Install "Non-removable" Malware on Mac - How to Stay Safe

A newly discovered macOS bug could allow hackers with root privileges to bypass Apple's security protections and install "undeletable" malware on vulnerable Macs

The flaw, named Migraine and tracked as CVE-2023-32369, was actually discovered by a team of Microsoft security researchers and subsequently reported to Apple

If exploited by an attacker on a Mac that has not been updated, the flaw allows an attacker to bypass macOS' System Integrity Protection (SIP) as BleepingComputer points out, SIP is macOS' security mechanism that prevents potentially malicious software from modifying certain folders and files within the root user account

Essentially, SIP ensures that only processes signed by Apple, along with Apple software updates and installers, are allowed to make changes to protected components of macOS

Fortunately, Apple released security updates for macOS Ventura 134, macOS Monterey 1266, and macOS Big Sur 1177 earlier this month to patch this vulnerability Nevertheless, if you have not yet updated your Mac to the latest version, you could be at risk, especially now that hackers know how this flaw works

Typically, to disable SIP, an attacker would need physical access to one of the best Macs From there, they need to reboot the system and boot from Apple's built-in recovery system, macOS Recovery

However, Microsoft security researchers have found a way to bypass SIP security with root privileges by exploiting Apple's own macOS Migration Assistant They then demonstrated that an attacker with root privileges could automate the migration process with AppleScript and add it to the SIP exclusion list, thereby launching the malicious payload without having to restart the Mac and boot from macOS recovery

Microsoft's Threat Intelligence team provided further details about the Migraine vulnerability in a blog post, stating: "Signed by Apple, comapplerootlessinstallheritable By focusing on a system process with an entitlement, we discovered two child processes that could be tampered with to obtain arbitrary code execution in a security context to bypass SIP checks"

Malware loaded in this manner is particularly dangerous because it cannot be removed by standard removal methods and can hide from security software Worse, bypassing SIP also makes it possible to circumvent Apple's TCC (Transparency, Consent and Control) policy, allowing unrestricted access to personal data stored on vulnerable Macs

The main way to protect yourself from potential attacks that exploit macOS bugs such as the above is to keep your Mac up-to-date and running the latest software

When Apple issues security updates, they are generally designed to fix serious bugs like this one or even more dangerous macOS zero-day Hackers often prey on users who have not updated their devices, so installing the latest updates as soon as they become available reduces the likelihood of falling victim to an attack

Apple has its own built-in antivirus software in the form of XProtect, but you may also want to install one of the best Mac antivirus software solutions for additional protection iPhone and iPad too! If you want protection, Intego Mac Internet Security X9 and Intego Mac Premium Bundle X9 are the only Mac antivirus apps that can scan iPhone and iPad malware connected to your computer via USB

More may be forthcoming from Apple on this macOS bug, as it has been patched and the company's customers have had enough time to update their devices with the latest security updates

Categories