1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft found a critical security bug in macOS that could have

    From TechnologyDaily@1337:1/100 to All on Wed May 31 13:15:03 2023
    Microsoft found a critical security bug in macOS that could have many users worried

    Date:
    Wed, 31 May 2023 12:07:33 +0000

    Description:
    Apple released a fix earlier this month, so make sure to apply it fast.

    FULL STORY ======================================================================

    Microsoft found a critical security bug in Apple's macOS that could have many users worried.

    The vulnerability is tracked as CVE-2023-32369. It has been dubbed Migraine, and allows threat actors with root privileges to bypass System Integrity Protection (SIP), essentially being given the opportunity to install malware that cannot be deleted from the endpoint . Furthemore, the flaw allows threat actors to work around Transparency, Consent, and Control (TCC) feature, and access sensitive data.

    The bug has since been patched across the Apple ecosystem, with users told to apply the fix as soon as they can. Arbitrary code execution

    System Integrity Protection is a feature on Apple devices that restricts the root account. Also known as rootless, the feature makes the OS kernel put checks on the root users access, preventing it from making certain changes to key folders and files. Devices with SIP only allow Apple-signed processes, or those with special Apple entitlements (think patches and updates), to make changes to protected components and elements.

    The only way to disable SIP is to have physical access to the target
    endpoint, making compromise through this avenue almost impossible. Still, Microsofts team found a way to bypass SIP through the Migration Assistant, a tool that allows users to migrate their data to a new device. Read more

    Apple Safari patched to fix potentially dangerous zero-day flaws


    Apple just patched a pair of dangerous iOS and macOS security issues, so
    update now


    Here's our list of the best firewalls around

    "By focusing on system processes that are signed by Apple and have the com.apple.rootless.install.heritable entitlement, we found two child
    processes that could be tampered with to gain arbitrary code execution in a security context that bypasses SIP checks," Microsofts researchers explained.

    In other words, threat actors could add malware to SIPs exclusion list and then, without botting from macOS Recovery, automate the migration process.

    Apple has fixed the vulnerability in macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, so make sure to bring your operating system up to date immediately. Stay protected online with these best ransomware protection

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-found-a-critical-security-bug-in-maco s-that-could-have-many-users-worried


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)