Vulnerability Management

New Bug Can Bypass MacOS SIP Security and Attack Kernel

BleepingComputer reports that threat actors could leverage a recently addressed macOS vulnerability, tracked as CVE-2024-44243, to bypass Apple's System Integrity Protection (SIP), which guards against malware and other cybersecurity threats, and to facilitate malicious kernel driver injections.

Microsoft Threat Intelligence said that, aside from enabling rootkit installation, exploiting the flaw could also result in the establishment of persistent and unremovable malware, as well as the bypassing of Transparency, Consent, and Control (TCC) security checks.

"Bypassing SIP impacts the entire operating system's security and could lead to severe consequences, emphasizing the necessity for comprehensive security solutions that can detect anomalous behavior from specially entitled processes," said Microsoft.

These findings come amid the growing prevalence of macOS vulnerabilities that enable circumvention of the operating system's security defenses. They include the following: the Migraine and Shrootless SIP bypass issues, tracked as CVE-2023-32369 and CVE-2021-30892; the Achilles flaw, tracked as CVE-2022-42821, which sidesteps Gatekeeper execution limitations for malware delivery; and the powerdir bug, tracked as CVE-2021-30970, which allowed protected data compromise via TCC bypass.
