%20(1).png)
Microsoft recently discovered a vulnerability issue that might allow attackers to circumvent a key security safeguard on macOS machines. The "Migraine" vulnerability may be exploited to circumvent Apple's System Integrity Protection (SIP) on macOS — a feature that safeguards sections of the operating system relevant to system integrity by blocking access to specific files — and install malware on a victim's machine. Microsoft notified Apple of the security weakness, and the Cupertino corporation corrected it with its most recent security update.
According to Microsoft's blog post, the "Migraine" security attack is based on Migration Assistant, an Apple utility that allows users to transfer files from one Mac to another or from a Windows PC to a Mac. The Apple Migration Assistant software has full root access, allowing it to conduct its data transfer function, and security researchers at Microsoft used the tool's particular 'entitlement' to create the vulnerability.
Microsoft was able to evade a signature check by running the Migration Assistant in debug mode after altering it to run without logging out a user. The business infected the host machine with a 1GB Time Machine backup infected with malicious software, employing a script to induce Migration Assistant to import the backup and infect it. The entire procedure circumvented the System Integrity Protection feature, which was initially implemented on macOS in 2015.
It is worth noting that the Migration Assistant is normally available during user setup, implying that an attacker would require local access to a system. According to Microsoft, arbitrary system bypasses such as Migraine may produce files that are secured by SIP, the same mechanism that it bypasses, making deletion extremely difficult. To enable rootkits, attackers can also run arbitrary kernel code and interfere with the system. These flaws, according to Microsoft, can also be leveraged to obtain access to private data as well as computer peripherals and devices.
Users who upgraded to macOS 13.4 after it was released on May 18 should be immune from the vulnerability, which Apple has addressed. Microsoft notified the security hole to Apple, allowing the company to deploy a repair. Meanwhile, Microsoft's Jonathan Bar Or, Anurag Bohra, and Michael Pearse were credited with discovering the attack.