Ethical Hacking News
A newly discovered critical macOS vulnerability (CVE-2024-44243) enables an attacker to bypass System Integrity Protection (SIP), potentially leading to rootkit installation, persistent malware creation, and evasion of detection. Apple has patched this vulnerability in the latest version of macOS Sequoia 15.2, but it highlights the importance of ongoing security vigilance and proactive measures to mitigate emerging threats.
Apple has acknowledged a critical vulnerability (CVE-2024-44243) that allows bypassing the System Integrity Protection (SIP) framework on macOS. Bypassing SIP can lead to significant security risks, including installation of rootkits and creation of persistent malware. The vulnerability creates an attack surface for malicious actors to tamper with security solutions on the device, evading detection. Users are advised to prioritize security updates and patches provided by Apple as soon as they become available. Organizations should consider implementing robust security measures to mitigate the potential impact of this vulnerability.
Apple has recently acknowledged a critical vulnerability (CVE-2024-44243) that allows an attacker to bypass the System Integrity Protection (SIP) framework on macOS, which could potentially lead to serious security implications. This vulnerability was discovered by Microsoft's Threat Intelligence team and has been patched in the latest version of macOS Sequoia 15.2. However, this expose highlights a concerning trend in the ever-evolving landscape of cybersecurity threats.
According to Jonathan Bar Or of the Microsoft Threat Intelligence team, bypassing SIP can lead to significant security risks, including the installation of rootkits, creation of persistent malware, and exploitation of vulnerabilities in Transparency, Consent, and Control (TCC). Moreover, this vulnerability creates an attack surface for malicious actors to tamper with security solutions on the device, evading detection.
The System Integrity Protection framework is a critical component of macOS security, designed to prevent malicious software from modifying protected parts of the file system. It works by enforcing various protections against the root user account, allowing modification of these protected parts only by processes that are signed by Apple and have special entitlements to write to system files.
In this particular vulnerability (CVE-2024-44243), an attacker can exploit the Storage Kit daemon's (storagekitd) "com.apple.rootless.install.heritable" entitlement to bypass SIP protections. This is achieved by taking advantage of storagekitd's ability to invoke arbitrary processes without proper validation or dropping privileges to deliver a new file system bundle to /Library/Filesystems – a child process of storagekitd – and override the binaries associated with the Disk Utility, which could then be triggered during certain operations such as disk repair.
This vulnerability is not an isolated incident; it follows previous SIP bypass vulnerabilities (CVE-2021-30892, CVE-2023-32369) discovered by Microsoft's Threat Intelligence team. These incidents underscore the importance of ongoing vigilance and continuous monitoring to detect and address emerging security threats.
The disclosure also highlights the trade-off between security solutions that rely on kernel-level access for their effectiveness and the potential risks associated with increased reliability and reduced monitoring capabilities. Prohibiting third-party code from running in the kernel can increase macOS reliability but reduces the ability of security solutions to monitor and detect threats.
In light of this vulnerability, users are advised to prioritize security updates and patches provided by Apple as soon as they become available. Furthermore, organizations should consider implementing robust security measures to mitigate the potential impact of this vulnerability, including regular software updates, secure configuration of system files, and rigorous monitoring of system activity.
The recent expose of this critical macOS vulnerability serves as a stark reminder of the ever-present threat landscape in modern cybersecurity. As new vulnerabilities emerge and old ones are patched, it is essential for users to remain vigilant and proactive in their approach to security.
Related Information:
https://thehackernews.com/2025/01/microsoft-uncovers-macos-vulnerability.html
https://nvd.nist.gov/vuln/detail/CVE-2024-44243
https://www.cvedetails.com/cve/CVE-2024-44243/
https://nvd.nist.gov/vuln/detail/CVE-2021-30892
https://www.cvedetails.com/cve/CVE-2021-30892/
https://nvd.nist.gov/vuln/detail/CVE-2023-32369
https://www.cvedetails.com/cve/CVE-2023-32369/
Published: Tue Jan 14 13:28:42 2025 by llama3.2 3B Q4_K_M
