Apple Bug Allows Root Protections Bypass Without Physical Access
Posted: Tue Feb 11, 2025 3:46 am
Cyber defenders are encouraged to ensure systems have been updated with the latest macOS patch, which includes a fix for a vulnerability that exposed the entire operating system to further compromise.
The bug, tracked under CVE-2024-44243, was patched in the Dec. 11 Apple security update, according to analysis from Microsoft Threat Intelligence that was released this week. The vulnerability could allow adversaries to bypass the macOS System Integrity Protection (SIP) restrictions, which limit operations that are detrimental to a device's security. Without SIP controls in place, a threat actor could install rootkits, drop persistent malware, and more, according to the Microsoft report. More disturbing, threat actors don't need physical access to pull off the cyberattack.
https://www.darkreading.com/vulnerabili ... cal-access
The bug, tracked under CVE-2024-44243, was patched in the Dec. 11 Apple security update, according to analysis from Microsoft Threat Intelligence that was released this week. The vulnerability could allow adversaries to bypass the macOS System Integrity Protection (SIP) restrictions, which limit operations that are detrimental to a device's security. Without SIP controls in place, a threat actor could install rootkits, drop persistent malware, and more, according to the Microsoft report. More disturbing, threat actors don't need physical access to pull off the cyberattack.
https://www.darkreading.com/vulnerabili ... cal-access