Advisory

Microsoft researchers report macOS flaw affecting System Integrity Protection

Take action: Did you patch your macOS in December? If not, this is one more reason to patch it. Anyone with physical access to your Mac can install a rootkit on it. We understand it's a hassle to reboot and wait for an hour, but it's just the right amount of time for a short walk. Click update, and take a walk. Your Mac will be patched when you come back.


Learn More

Microsoft security researchers are reporting a security vulnerability in macOS which affects the operating system's System Integrity Protection (SIP) mechanism.

The vulnerability is tracked as CVE-2024-44243 (CVSS score 5.5). It resides in the Storage Kit daemon and allows local attackers with root privileges to bypass SIP restrictions without requiring physical access to the device.

System Integrity Protection (SIP), also known as 'rootless', is a crucial macOS security feature that prevents malicious software from modifying protected system files and folders by limiting root user account privileges. Normally, disabling SIP requires physical access to the device and a system restart through macOS Recovery mode.

This vulnerability allows attackers to bypass these restrictions through the Storage Kit daemon, which handles disk state-keeping operations.

The successful exploitation of this vulnerability could allow attackers to install malicious kernel drivers (rootkits), create persistent malware that cannot be deleted, bypass Transparency, Consent, and Control (TCC) security checks, and take full control of the device.

The flaw was patched by Apple in macOS Sequoia 15.2 updates released on December 11, 2024. Users are strongly advised to update their systems to the latest version to protect against potential exploits.
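
To check hosts against the fix level named above, the following added example (not part of the original advisory) classifies macOS version strings against 15.2 with a numeric comparison, so that 15.10 is not misread as older than 15.2. The host names and inventory are constructed, and treating major releases after Sequoia as patched is an assumption.

```shell
#!/bin/sh
# Added example. Fix level taken from the advisory: macOS Sequoia 15.2.
FIXED_MAJOR=15
FIXED_MINOR=2

# Print one of: patched | needs-update | not-covered | invalid
classify_version() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then minor=0; else minor=${rest%%.*}; fi
    if [ "$major" -lt "$FIXED_MAJOR" ]; then
        # The advisory names no fixed build for releases before Sequoia.
        echo not-covered
    elif [ "$major" -gt "$FIXED_MAJOR" ]; then
        # Assumption: major releases after Sequoia already carry the fix.
        echo patched
    elif [ "$minor" -ge "$FIXED_MINOR" ]; then
        echo patched
    else
        echo needs-update
    fi
}

# Read "hostname version" lines on stdin; print hosts not confirmed patched.
triage_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        state=$(classify_version "$ver")
        [ "$state" = patched ] || echo "$host $ver $state"
    done
}

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY='mac-lab-01 15.1.1
mac-lab-02 15.2
mac-lab-03 14.7.2
mac-lab-04 15.10
mac-lab-05 15.x'
printf '%s\n' "$SAMPLE_INVENTORY" | triage_inventory

# On a Mac, also report the local version and the configured SIP state.
if command -v sw_vers >/dev/null 2>&1; then
    echo "local: $(classify_version "$(sw_vers -productVersion)")"
    csrutil status || true
fi
```

Hosts reported as `not-covered` run a release for which the advisory gives no fixed version, so they need a manual check against Apple's security release notes.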
