This macOS Flaw Allows hackers to Install "Non-removable" Malware on Mac - How to Stay Safe

A newly discovered macOS bug could allow hackers with root privileges to bypass Apple's security protections and install "undeletable" malware on vulnerable Macs.

The flaw, named Migraine and tracked as CVE-2023-32369, was discovered by a team of Microsoft security researchers and reported to Apple.

If exploited on a Mac that has not been updated, the flaw allows an attacker to bypass macOS' System Integrity Protection (SIP). As BleepingComputer points out, SIP is the macOS security mechanism that prevents potentially malicious software from modifying certain protected system folders and files, even when that software runs with root privileges.

Essentially, SIP ensures that only processes signed by Apple, along with Apple software updates and installers, are allowed to make changes to protected components of macOS.

Fortunately, Apple released security updates for macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7 earlier this month to patch this vulnerability. Nevertheless, if you have not yet updated your Mac to the latest version, you could be at risk, especially now that hackers know how this flaw works.

Typically, to disable SIP, an attacker would need physical access to the target Mac. From there, they would have to reboot the system into Apple's built-in recovery environment, macOS Recovery.

However, Microsoft security researchers found a way to bypass SIP from a process running with root privileges by abusing Apple's own macOS Migration Assistant. They demonstrated that an attacker with root privileges could automate the migration process with AppleScript and add a malicious payload to the SIP exclusion list, thereby launching it without having to restart the Mac and boot into macOS Recovery.

Microsoft's Threat Intelligence team provided further details about the Migraine vulnerability in a blog post, stating: "By focusing on a system process signed by Apple with the entitlement com.apple.rootless.install.heritable, we discovered two child processes that could be tampered with to obtain arbitrary code execution in a security context to bypass SIP checks."

Malware loaded in this manner is particularly dangerous because it cannot be removed by standard removal methods and can hide from security software. Worse, bypassing SIP also makes it possible to circumvent Apple's TCC (Transparency, Consent and Control) policy, allowing unrestricted access to personal data stored on vulnerable Macs.

The main way to protect yourself from potential attacks that exploit macOS bugs such as the above is to keep your Mac up-to-date and running the latest software.

When Apple issues security updates, they are generally designed to fix serious bugs like this one, or even more dangerous macOS zero-days. Hackers often prey on users who have not updated their devices, so installing the latest updates as soon as they become available reduces the likelihood of falling victim to an attack.
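The two things the article asks a reader to confirm are that the Mac runs a build that includes the CVE-2023-32369 fix and that SIP is still enabled. The script below is an added example, not code from the article, Microsoft or Apple. It takes the patched minimum versions named in the article (13.4, 12.6.6, 11.7.7), compares them against the installed version, and reports the SIP state; `sw_vers -productVersion` and `csrutil status` are the standard macOS tools for those two facts. Treating any major release newer than 13 as already patched is an assumption made here, not something the article states.

```shell
#!/bin/sh
# Added example: does this Mac carry the CVE-2023-32369 (Migraine) fix, and is SIP on?
# Version thresholds are the ones the article lists for each macOS line.

# Return 0 if dotted version $1 is >= $2, comparing up to three numeric fields.
# Both strings are padded with ".0.0" so that "13.4" compares as 13.4.0.
version_ge() {
  i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s.0.0' "$1" | cut -d. -f"$i")
    y=$(printf '%s.0.0' "$2" | cut -d. -f"$i")
    if [ "$x" -gt "$y" ]; then return 0; fi
    if [ "$x" -lt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
  return 0
}

# First release of each affected line that includes the fix (from the article).
# Prints nothing for lines the article does not list.
patched_minimum() {
  case "$1" in
    13.*) echo 13.4 ;;
    12.*) echo 12.6.6 ;;
    11.*) echo 11.7.7 ;;
    *)    echo "" ;;
  esac
}

# Return 0 if macOS product version $1 includes the fix, 1 otherwise.
is_patched() {
  major=${1%%.*}
  # Assumption (not from the article): major releases after 13 ship with the fix.
  if [ "$major" -gt 13 ]; then return 0; fi
  min=$(patched_minimum "$1")
  [ -n "$min" ] || return 1      # older, unlisted lines: treat as unpatched
  version_ge "$1" "$min"
}

# Live check, run only where the macOS tools exist so the functions above
# can still be exercised on another system.
if command -v sw_vers >/dev/null 2>&1; then
  ver=$(sw_vers -productVersion)
  if is_patched "$ver"; then
    echo "macOS $ver: CVE-2023-32369 fix present"
  else
    echo "macOS $ver: update required"
  fi
  # csrutil reports "System Integrity Protection status: enabled." when SIP is on.
  if csrutil status 2>/dev/null | grep -q 'enabled'; then
    echo "SIP: enabled"
  else
    echo "SIP: disabled or status unknown"
  fi
fi
```

Run it as a normal user; neither command needs root to read the version or the SIP state. A "disabled" result for SIP on a Mac you did not deliberately configure that way is worth investigating on its own, independent of the patch level.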

Apple has its own built-in antivirus software in the form of XProtect, but you may also want to install a third-party Mac antivirus solution for additional protection. If you also want protection for an iPhone or iPad, Intego Mac Internet Security X9 and Intego Mac Premium Bundle X9 are the only Mac antivirus apps that can scan an iPhone or iPad connected to your computer via USB for malware.

Apple may say more about this macOS bug now that it has been patched and the company's customers have had time to install the latest security updates.
