Microsoft has discovered a critical vulnerability in macOS but Apple

Microsoft has discovered a critical vulnerability in macOS, but Apple has already fixed it

Microsoft experts discovered There is a security vulnerability in Apple macOS codenamed Migraine. The fact is that it is exploited via the Migration Assistant component and bypasses the System Integrity Protection (SIP) protection system, which was introduced back in OS X El Capitan in 2015.

    Image source:

Image source:

The SIP security tool adds several additional layers of security to the system by blocking application access and providing the ability to modify system files at the root level. While the feature can be disabled manually, it’s not easy, and Microsoft has figured out a way for attackers to bypass this protection.

Under normal conditions, Migration Assistant only works when a new user account is set up. This means that in order to exploit the vulnerability, a hypothetical hacker would need physical access to the computer to log off completely. To demonstrate the exploit, Microsoft researchers modified Migration Assistant to allow it to run the tool without logging off, and launched the Setup Assistant application in debug mode, ignoring changes to Migration Assistant. Next, a backup copy of the system was required in order to install it on a computer – the researchers created a 1GB Time Machine image with built-in malicious components and ran an AppleScript that served that copy without user intervention. This made it possible to run arbitrary code on a computer.

Microsoft has notified Apple of the vulnerability and it was fixed with the macOS 13.4 May 18 update – Mac users are advised to install it immediately.


About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment