Microsoft experts discovered There is a security vulnerability in Apple macOS codenamed Migraine. The fact is that it is exploited via the Migration Assistant component and bypasses the System Integrity Protection (SIP) protection system, which was introduced back in OS X El Capitan in 2015.
The SIP security tool adds several additional layers of security to the system by blocking application access and providing the ability to modify system files at the root level. While the feature can be disabled manually, it’s not easy, and Microsoft has figured out a way for attackers to bypass this protection.
Under normal conditions, Migration Assistant only works when a new user account is set up. This means that in order to exploit the vulnerability, a hypothetical hacker would need physical access to the computer to log off completely. To demonstrate the exploit, Microsoft researchers modified Migration Assistant to allow it to run the tool without logging off, and launched the Setup Assistant application in debug mode, ignoring changes to Migration Assistant. Next, a backup copy of the system was required in order to install it on a computer – the researchers created a 1GB Time Machine image with built-in malicious components and ran an AppleScript that served that copy without user intervention. This made it possible to run arbitrary code on a computer.
Microsoft has notified Apple of the vulnerability and it was fixed with the macOS 13.4 May 18 update – Mac users are advised to install it immediately.