Security and privacy protection are an important part of Apple’s customer-valued offerings. However, no ecosystem is perfect and from time to time a significant threat is detected, the latest one discovered from Microsoft and shows that it exists. A way to bypass System Integrity Protection (SIP)Thanks to the ‘Migraines’ exploit on macOS.

In macOS, this protection exists to prevent applications from accessing and modifying system files at the root level, thanks to several layers of security. after penetration, attackers have access to all system filesthis makes it easy to install malware and rootkits.

‘Migraines’ attacks macOS.

According to the Microsoft security blog post, the ‘Migraine’ exploit allows attackers to execute arbitrary code on a device. It also explains that its name relates to macOS Migration Assistant, a native tool that helps users migrate data from one Mac or Windows PC to another Mac.

In the same report, Microsoft developers run the process a normal hacker should work If System Integrity Protection worked and duplicated the process with the exploit. In the first case, you can access the Migration Wizard only during the process of creating a new user account and have physical access to the computer.

With the exploit, Migration Assistant will work without logging out of the user. However, this mod caused it to crash due to a flaw in the common design. Therefore, the researchers ran the Setup Wizard in debug mode so that it would be unaware that the Migration Wizard had been modified and lacked a valid signature. Even if, requires having a disk to restore and interact with the interface.

So Microsoft created a small 1GB backup of Time Machine that may contain malware. The researchers created an AppleScript that automatically mounts this backup and interacts with the Migration Assistant interface without the user noticing. In conclusion, Mac imports data from this malicious backup.

the worst is over

Apple fixed the bug with macOS 13.4

Fortunately, macOS Ventura users shouldn’t worry about this flaw, which Apple fixed in the macOS 13.4 update on May 18 and also thanks Microsoft on its security webpage.

As Apple keeps abreast of the latest updates to macOS Ventura, we look forward to the release of the as-yet-unnamed macOS 14 and any OS updates that will be announced at the WWDC 2023 keynote on June 5th.