macOS exploit found by Microsoft could bypass System Integrity Protection

  • Post category:Technology
  • Reading time:2 mins read
  • Post comments:0 Comments

Article written by Filipe Espósito, Zac Hall, Chance Miller, via on 30 May 2023

Microsoft details how it found the “Migraine” exploit in macOSAs the company shared on its Security blog, a vulnerability named “Migraine” could bypass macOS’ System Integrity Protection and lead to arbitrary code execution on a device.
The exploit was able to do this using a special entitlement designed to give unrestricted root access to the Migration Assistant app.
But to demonstrate the potential risk of this exploit, Microsoft showed that there was a way to take advantage of it without worrying about the limitations listed before.
Since Setup Assistant was running in debug mode, the researchers could easily skip the steps of the setup process and jump straight to Migration Assistant.
That’s because Microsoft informed Apple about the exploit, which was fixed with the macOS 13.4 update – released on May 18 to the public.

Please check out the complete article (source in English):
Generated and translated automatically by Nisba!

Leave a Reply