Microsoft has discovered a new macOS vulnerability dubbed Migraine. The company detailed in its security advisory that the flaw allows attackers to bypass System Integrity Protection (SIP) and perform malicious operations on macOS machines.
Apple first launched System Integrity Protection (SIP) in macOS Yosemite back in 2014. The feature is designed to prevent threat actors from making any changes to important system files and folders on Mac devices. System Integrity Protection (SIP) helps users to block unwanted modifications that could impact the system’s stability and security.
According to Microsoft, the “Migraine” security vulnerability (CVE-2023-32369) exploits the Migration Assistant app that lets users transfer files from Windows to macOS. Microsoft’s researchers used an Apple script that caused the tool to import a malicious Time Machine backup and infect the host system.
“By focusing on system processes that are signed by Apple and have the com.apple.rootless.install.heritable entitlement, we found two child processes that could be tampered with to gain arbitrary code execution in a security context that bypasses SIP checks,” the Microsoft Threat Intelligence team explained.
Apple releases patches to fix the Migraine vulnerability on macOS
Microsoft warned that the security flaw could be used to gain physical access to sensitive data, computer accessories, and devices. The technique shares similarities with the method employed in 2021 to exploit the Shrootless vulnerability. Microsoft disclosed the vulnerability to Apple, which released a security update to mitigate it on May 18.
Microsoft emphasized that organizations should use security tools (such as Microsoft Defender for Endpoint) to monitor malicious activities. Additionally, Microsoft Defender Vulnerability Management helps to quickly detect and fix critical vulnerabilities. Microsoft also recommends that security teams should collaborate with vendors to prioritize security patching.