Apple Resolves macOS Security Flaw Allowing Hackers to Bypass Protections

Microsoft has revealed details about a macOS security flaw that Apple recently fixed. This issue, known as CVE-2024-44243, could allow hackers with advanced access, called “root,” to bypass an important security feature called System Integrity Protection (SIP). SIP is designed to stop unauthorized changes to critical parts of the macOS system, keeping it safe from malicious software.

The problem was a “configuration issue” that Apple addressed in the macOS Sequoia 15.2 update. The flaw could allow harmful apps to modify protected system files, potentially causing serious harm. Apple recommends users update their devices to the latest version to avoid risks.

What is SIP?

SIP, also called “rootless,” is a security feature that protects vital parts of macOS. It stops unauthorized changes to system files and settings, even if someone has root access. This helps keep the system secure by ensuring that only Apple-approved processes can modify these areas.

SIP has two special permissions, or “entitlements,” that allow specific actions:

1. com.apple.rootless.install: Allows authorized processes to bypass SIP and make changes.
2. com.apple.rootless.install.heritable: Extends this ability to child processes created by the authorized process.

How Was the Flaw Exploited?

Microsoft found that attackers could exploit a macOS process called “storagekitd.” This process is responsible for managing file systems and was found to have a vulnerability. Hackers could trick it into running harmful programs, bypassing SIP protections. They could then replace important system files or install malicious software.

For example, an attacker could drop harmful files into the system and use “storagekitd” to trigger actions like disk repair. This process would bypass SIP, letting the attacker install software that’s hard to detect or remove.

Why Does This Matter?

If attackers bypass SIP, they can tamper with the macOS operating system, disable security tools, and make the device more vulnerable to further attacks. This could lead to malware that’s difficult to detect, persistent hacking attempts, and loss of data security.

Microsoft’s team has warned that bypassing SIP not only reduces macOS reliability but also makes it harder to monitor for threats. Without proper security visibility, attackers can avoid detection and compromise the system further.

What Should You Do?

Apple has fixed the flaw in the macOS Sequoia 15.2 update, so it’s essential to update your Mac to the latest version. Regular updates ensure your system is protected from known vulnerabilities and remains secure against potential threats.

Stay vigilant and keep your macOS updated to maintain a safe and reliable computing experience.