New Articles
Windows 11 users have discovered a funny bug that benefits older computers....
It's easy to turn off the transmission — we tell you how to do it....
Such photos have been taken by models and social media users for a long time,...
A famous musician? A schoolteacher? Mom? Tell us about the people you looked up...
Thanks to the instructions of Artyom Kozoriz, you can cope no worse than a...
5 interesting exercises that will help you develop flexibility....
From "Starship Troopers" and "The Matrix" to...
The return of Garfield and Mufasa, the new Transformers and the Lord of the...
Trickben.com » macOS » Microsoft has discovered a macOS vulnerability that gives full access to the system

Microsoft has discovered a macOS vulnerability that gives full access to the system

02 Jun 2023, 12:06, parser
0 comments    1 Show

Microsoft has identified a new macOS vulnerability. It was called Migraine, and it can really add headaches to users — but only to those who avoid system updates.

According to a report published on May 30, Migraine allows attackers with root rights to bypass System Integrity Protection (SIP) and perform arbitrary actions on the device, including installing malware and receiving personal data from the computer.

SIP is a security technology that restricts the actions of users with root privileges. It prohibits actions that could lead to a violation of the integrity of the system. To do this, the suspicious process is transferred to the sandbox, which closes the possibility of overwriting files and directories.

SIP bypass is usually impossible on a running system: it requires restarting the computer and switching to system recovery mode. However, experts from Microsoft discovered a vulnerability in the built-in Migration Assistant utility, from which the name Migraine came.

Interaction with the "Migration Assistant" requires direct access to the computer, but the researchers managed to interfere with the function and remotely start the migration without logging out of the account (without which the utility usually does not work). Next, we configured the recovery of a backup copy from Time Machine — in which a malicious payload was prepared with the ability to bypass SIP. So the virus gets to the computer without the possibility of removal or detection, and the delivery process was automated via AppleScript.

Microsoft informed Apple about the discovery in advance, and in the updates of May 18, macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, this vulnerability has already been closed. To protect yourself, it is enough to make sure that you are using the current version of the system.

Comments
reload, if the code cannot be seen