Mac users would be well advised to download and install macOS 15.2, the macOS Sequoia update released by Apple on December 11. It fixes the CVE-2024-44243 security flaw discovered by Microsoft. Now that the vulnerability has been patched, the vendor can disclose its nature and the danger it poses.
A flaw that is complicated to exploit
This flaw allows attackers to bypass SIP (System Integrity Protection), a protection system enabled by default that prevents unauthorized modifications of files and system components, even by users with root privileges. The flaw was in StorageKit, which manages disk state.
Once SIP is out of the way, attackers can install rootkits (kernel drivers) and create “persistent” malware that is very difficult to remove. They can also access sensitive data. Microsoft explains that bypassing SIP “affects the security of the entire operating system and can lead to serious consequences.”
Disabling SIP requires rebooting macOS into the system recovery partition. This is why attackers must first have physical access to the computer and hold root privileges on the victim's machine, and the victim must also have performed an action. Suffice it to say that exploiting this flaw requires quite a combination of events.
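To check a Mac against the two points above (the 15.2 update and SIP being enabled), here is an added example, not taken from the original article or from Apple or Microsoft: a shell script that reads `sw_vers -productVersion` and `csrutil status`. The function names and verdict strings are assumptions, and only Sequoia (15.x) is judged because 15.2 is the only fixed release the article names.

```shell
#!/bin/sh
# Added example. Function names and verdict strings are assumptions of this sketch.

# version_ge A B: succeed when dotted numeric version A >= B (missing fields count as 0).
version_ge() {
    va=$1 vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
    done
    return 0
}

# sip_state TEXT: map `csrutil status` output to enabled / disabled / unknown.
sip_state() {
    case $1 in
        *"System Integrity Protection status: enabled."*)  echo enabled ;;
        *"System Integrity Protection status: disabled."*) echo disabled ;;
        *) echo unknown ;;
    esac
}

# assess VERSION CSRUTIL_OUTPUT: print "patch=<...> sip=<...>".
# Only Sequoia (15.x) is judged, because the article names 15.2 as the fixed release.
assess() {
    case $1 in
        ''|*[!0-9.]*) patch=unparsable ;;
        15|15.*) if version_ge "$1" 15.2; then patch=ok; else patch=missing; fi ;;
        *) patch=not-sequoia ;;
    esac
    echo "patch=$patch sip=$(sip_state "$2")"
}

# On a Mac, audit the live system; elsewhere the functions can be fed saved output.
if command -v sw_vers >/dev/null 2>&1 && command -v csrutil >/dev/null 2>&1; then
    assess "$(sw_vers -productVersion)" "$(csrutil status 2>&1)"
fi
```

A result of `patch=missing` or `sip=disabled` is the one to follow up on; `sip=unknown` means the `csrutil` output did not match either expected status line and should be read by hand.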
Source: BleepingComputer