Microsoft: macOS bug lets hackers install malicious kernel drivers – BleepingComputer
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.

System Integrity Protection (SIP), or 'rootless,' is a macOS security feature that prevents malicious software from altering specific folders and files by limiting the root user account's powers in protected areas.

SIP allows only Apple-signed processes or those with special entitlements, such as Apple software updates, to modify macOS-protected components. Disabling SIP normally requires a system restart and booting from macOS Recovery (the built-in recovery system), which requires physical access to the compromised device.

The security flaw (tracked as CVE-2024-44243), which can only be exploited by local attackers with root privileges in low-complexity attacks requiring user interaction, was found in the Storage Kit daemon that handles disk state-keeping.

Successful exploitation could allow attackers to bypass SIP root restrictions without physical access to install rootkits (kernel drivers), create persistent, "undeletable" malware, or circumvent Transparency, Consent, and Control (TCC) security checks to access victims' data.

Apple has patched the vulnerability in security updates for macOS Sequoia 15.2, released one month ago, on December 11, 2024.

"System Integrity Protection (SIP) serves as a critical safeguard against malware, attackers, and other cybersecurity threats, establishing a fundamental layer of protection for macOS systems," Microsoft said today in a report that provides more technical details on CVE-2024-44243.

"Bypassing SIP impacts the entire operating system's security and could lead to severe consequences, emphasizing the necessity for comprehensive security solutions that can detect anomalous behavior from specially entitled processes."

Microsoft security researchers have discovered multiple macOS vulnerabilities in recent years. A SIP bypass dubbed 'Shrootless' (CVE-2021-30892), reported in 2021, also allows attackers to perform arbitrary operations on compromised Macs and potentially install rootkits.

More recently, they also found another SIP bypass dubbed 'Migraine' (CVE-2023-32369) and a security flaw known as Achilles (CVE-2022-42821), which can be exploited to deploy malware via untrusted apps capable of bypassing Gatekeeper execution restrictions.

Microsoft principal security researcher Jonathan Bar Or also discovered 'powerdir' (CVE-2021-30970), another macOS vulnerability that lets attackers bypass Transparency, Consent, and Control (TCC) technology to access macOS users' protected data.
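As an added defender-side check (example code written for this page, not taken from the article or from Microsoft's report), the following POSIX shell script covers the three things an administrator would want to confirm on a fleet of Macs after reading the above: whether the host is on macOS 15.2 or later (the release carrying the CVE-2024-44243 fix), whether SIP reports itself enabled, and which loaded kernel extensions carry a bundle identifier outside the com.apple.* namespace. It uses the stock macOS tools `sw_vers`, `csrutil status` and `kmutil showloaded`; the sample kext listing embedded for offline testing is constructed, and the identifier `com.example.thirdpartykext` in it is made up.

```shell
#!/bin/sh
# Post-patch audit for CVE-2024-44243 (SIP bypass via Storage Kit daemon).
# Added example, not part of the BleepingComputer article or Microsoft's report.
# The parsing helpers take text as arguments so they can be exercised offline;
# audit_host runs the live commands and is only invoked on Darwin.

PATCHED_VERSION="15.2"   # macOS Sequoia release that fixed CVE-2024-44243

# version_ge A B: exit 0 if dotted version A >= B (numeric, component-wise).
version_ge() {
  v1=$1; v2=$2
  while [ -n "$v1" ] || [ -n "$v2" ]; do
    a=${v1%%.*}; b=${v2%%.*}
    a=${a:-0};   b=${b:-0}
    [ "$a" -gt "$b" ] && return 0
    [ "$a" -lt "$b" ] && return 1
    case $v1 in *.*) v1=${v1#*.} ;; *) v1= ;; esac
    case $v2 in *.*) v2=${v2#*.} ;; *) v2= ;; esac
  done
  return 0
}

# sip_state TEXT: TEXT is the output of `csrutil status`; prints one word.
# csrutil prints "System Integrity Protection status: enabled." / "disabled.",
# or "unknown (Custom Configuration)" when individual SIP flags were changed.
sip_state() {
  case $1 in
    *"status: enabled"*)  echo enabled ;;
    *"status: disabled"*) echo disabled ;;
    *)                    echo unknown ;;
  esac
}

# third_party_kexts TEXT: TEXT is the table printed by `kmutil showloaded`
# (or the older kextstat). Prints every reverse-DNS bundle identifier that is
# not under com.apple. A hit is something to review, not proof of compromise:
# legitimate vendors ship kexts too, but a SIP bypass is what an attacker
# needs to load one persistently, so unexpected entries deserve a look.
third_party_kexts() {
  printf '%s\n' "$1" | awk '{
    for (i = 1; i <= NF; i++)
      if ($i ~ /^[A-Za-z][A-Za-z0-9_-]*(\.[A-Za-z0-9_-]+)+$/ && $i !~ /^com\.apple\./)
        print $i
  }'
}

# Constructed sample in the layout of `kmutil showloaded`; only one entry is
# outside the Apple namespace and the UUIDs are placeholders.
SAMPLE_KEXT_LIST='Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1  159 0                  0          0          com.apple.kpi.bsd (24.2.0) 8D9E6F34-0000-0000-0000-000000000001 <>
   45    0 0xffffff7f9c000000 0x10000    0x10000    com.example.thirdpartykext (1.0) 8D9E6F34-0000-0000-0000-000000000002 <7 6 5 4 3 1>
   46    0 0xffffff7f9c100000 0x8000     0x8000     com.apple.driver.AppleUSBHostMergeProperties (1.2) 8D9E6F34-0000-0000-0000-000000000003 <1>'

# audit_host: live check on the current machine (macOS only).
audit_host() {
  ver=$(sw_vers -productVersion)
  if version_ge "$ver" "$PATCHED_VERSION"; then
    echo "macOS $ver: at or above $PATCHED_VERSION, CVE-2024-44243 fix present"
  else
    echo "macOS $ver: below $PATCHED_VERSION, update to pick up the CVE-2024-44243 fix"
  fi
  echo "SIP: $(sip_state "$(csrutil status)")"
  echo "Loaded kernel extensions with a non-Apple bundle identifier:"
  third_party_kexts "$(kmutil showloaded 2>/dev/null)" | sed 's/^/  /'
}

if [ "$(uname 2>/dev/null)" = Darwin ]; then
  audit_host
else
  echo "Not macOS; offline demo against the constructed sample listing:"
  third_party_kexts "$SAMPLE_KEXT_LIST" | sed 's/^/  /'
fi
```

Run it as any user; `csrutil status` and `kmutil showloaded` do not need root to read. A host that reports a version below 15.2, SIP in any state other than enabled, or a kext identifier nobody on the team recognises is the combination the article's warning is about and should be escalated rather than explained away locally.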