Ethical Hacking News
A recently disclosed macOS vulnerability has left many wondering whether their Apple devices are exposed to the installation of malicious kernel drivers
Apple Inc. acknowledged a security vulnerability in its macOS operating system (CVE-2024-44243) that enables local attackers with root privileges to bypass System Integrity Protection (SIP). SIP is a built-in security feature designed to protect macOS systems from malicious software, but the latest vulnerability allows attackers to circumvent SIP's protective measures without physical access. The storagekitd daemon is particularly susceptible to exploitation due to its SIP-related entitlements, allowing attackers to install rootkits, create persistent malware, and bypass security checks. Microsoft highlighted the severity of the vulnerability, emphasizing that bypassing SIP has significant consequences for an operating system's overall security. The vulnerability was patched in Apple's recent macOS Sequoia 15.2 update, released on December 11, 2024, and demonstrates the need for users to stay informed about the latest patches and updates.
Apple Inc., the renowned technology giant, recently acknowledged a security vulnerability in its popular operating system, macOS. This critical flaw, tracked as CVE-2024-44243, enables local attackers with root privileges to bypass System Integrity Protection (SIP) and install malicious kernel drivers on Apple devices.
For those unfamiliar with the term, SIP is a built-in security feature designed to protect macOS systems from malicious software by limiting the root user account's powers in protected areas. This safeguard prevents unauthorized modifications to critical system components, thereby ensuring the overall security and integrity of the operating system.
However, this latest vulnerability allows attackers to circumvent SIP's protective measures without requiring physical access to the device. The storagekitd daemon, responsible for handling disk state-keeping functions, is particularly susceptible to exploitation due to its SIP-related entitlements. When an attacker gains control over this daemon, they can install rootkits (kernel drivers), create persistent "undeletable" malware, or bypass Transparency, Consent, and Control (TCC) security checks to access sensitive user data.
In a statement released by Microsoft, the company highlighted the severity of this vulnerability, emphasizing that bypassing SIP has significant consequences for an operating system's overall security. Microsoft principal security researcher Jonathan Bar Or discovered multiple macOS vulnerabilities in recent years, including 'Shrootless' (CVE-2021-30892), another SIP bypass dubbed 'Migraine' (CVE-2023-32369), and a security flaw known as Achilles (CVE-2022-42821). This latest vulnerability further underscores the importance of maintaining rigorous security protocols to protect against such malicious attacks.
The vulnerability was patched in Apple's recent macOS Sequoia 15.2 update, released on December 11, 2024. Even so, the episode highlights the ongoing nature of security threats and the need for users to stay informed about the latest patches and updates to their operating systems.
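A practical follow-up to the two points above (SIP is the protection, and 15.2 is the build named as carrying the fix) is a quick posture check. The script below is an added example written for this article, not code from Apple, Microsoft or the original report. It assumes that `sw_vers -productVersion` and `csrutil status` are available on the Mac being checked, that 15.2 is the fixed Sequoia build as the article states, and that other release lines are out of scope for it; the parsing functions take command output as arguments, so they can be exercised with constructed strings on any POSIX shell.

```shell
#!/bin/sh
# Added example (not from the article or from Apple/Microsoft): a small
# defender-side posture check for the fix the article names, macOS Sequoia 15.2.
# The parsing functions take command output as arguments, so they can be
# exercised with constructed strings on a machine that is not a Mac.

# version_ge A B: succeed when dotted version A is >= dotted version B.
# Both are padded with ".0.0" so "15" and "15.2" compare as three fields.
version_ge() {
    a="$1.0.0"
    b="$2.0.0"
    i=1
    while [ "$i" -le 3 ]; do
        fa=$(printf '%s' "$a" | cut -d. -f"$i")
        fb=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# sip_enabled TEXT: succeed only when `csrutil status` output reports SIP
# enabled. "disabled" and custom configurations both count as not enabled.
sip_enabled() {
    case "$1" in
        *"System Integrity Protection status: enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# assess VERSION CSRUTIL_OUTPUT: print a verdict and return
#   0 = 15.2 or later with SIP enabled
#   1 = Sequoia build below 15.2 (fix for CVE-2024-44243 not present per the article)
#   2 = fix present but SIP reports not enabled, so SIP offers no protection anyway
#   3 = not a Sequoia (15.x) build; this check does not cover other release lines
assess() {
    ver="$1"
    sip="$2"
    major=$(printf '%s' "$ver" | cut -d. -f1)
    if [ "$major" -ne 15 ]; then
        echo "macOS $ver: not a Sequoia build, check Apple's advisory for your release line"
        return 3
    fi
    if ! version_ge "$ver" 15.2; then
        echo "macOS $ver: below 15.2, CVE-2024-44243 fix not present, update"
        return 1
    fi
    if ! sip_enabled "$sip"; then
        echo "macOS $ver: fix present but SIP is not enabled, nothing for the fix to protect"
        return 2
    fi
    echo "macOS $ver: fix present and SIP enabled"
    return 0
}

# Live run only on a Mac; elsewhere the functions are just defined.
if command -v sw_vers >/dev/null 2>&1 && command -v csrutil >/dev/null 2>&1; then
    assess "$(sw_vers -productVersion)" "$(csrutil status 2>/dev/null)"
fi
```

The exit code is designed for fleet use: a management agent can run the script and treat 1 and 2 as findings, since a Mac below 15.2 lacks the fix and a Mac with SIP disabled has already given up the protection the fix restores. Return code 3 is deliberately not a pass; it only says the script has nothing to say about that release line.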
Apple has acknowledged the severity of this issue and has released security updates to address it. The company's proactive approach demonstrates its commitment to ensuring the safety and security of its customers' devices.
As technology continues to evolve, so too do the tactics employed by malicious actors seeking to exploit vulnerabilities for nefarious purposes. It is crucial for users to remain vigilant and take proactive measures to protect their devices against such threats.
In conclusion, this critical security vulnerability highlights the importance of staying informed about the latest security updates and patches for Apple's operating systems. By doing so, users can significantly reduce the risk of falling prey to malicious attacks and ensure the continued safety and integrity of their devices.
Related Information:
https://www.bleepingcomputer.com/news/security/microsoft-macos-bug-lets-hackers-install-malicious-kernel-drivers/
https://nvd.nist.gov/vuln/detail/CVE-2024-44243
https://www.cvedetails.com/cve/CVE-2024-44243/
https://nvd.nist.gov/vuln/detail/CVE-2021-30892
https://www.cvedetails.com/cve/CVE-2021-30892/
https://nvd.nist.gov/vuln/detail/CVE-2023-32369
https://www.cvedetails.com/cve/CVE-2023-32369/
https://nvd.nist.gov/vuln/detail/CVE-2022-42821
https://www.cvedetails.com/cve/CVE-2022-42821/
Published: Mon Jan 13 14:03:20 2025 by llama3.2 3B Q4_K_M