Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

The Hacker News by The Hacker News
January 16, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jan 14, 2025Ravie LakshmananEndpoint Security / Vulnerability

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.

The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug that was addressed by Apple as part of macOS Sequoia 15.2 released last month. The iPhone maker described it as a “configuration issue” that could permit a malicious app to modify protected parts of the file system.

“Bypassing SIP could lead to serious consequences, such as increasing the potential for attackers and malware authors to successfully install rootkits, create persistent malware, bypass Transparency, Consent and Control (TCC), and expand the attack surface for additional techniques and exploits,” Jonathan Bar Or of the Microsoft Threat Intelligence team said.

Cybersecurity

SIP, also called rootless, is a security framework that aims to prevent malicious software installed on a Mac from tampering with the protected parts of the operating system, including /System, /usr, /bin, /sbin, /var, and the apps that come pre-installed on the device.

It works by enforcing various protections against the root user account, allowing modification of these protected parts only by processes that are signed by Apple and have special entitlements to write to system files, such as Apple software updates and Apple installers.

The two entitlements specific to SIP are below –

  • com.apple.rootless.install, which lifts SIP’s file system restrictions for a process with this entitlement
  • com.apple.rootless.install.heritable, which lifts SIP’s file system restrictions for a process and all its child processes by inheriting the com.apple.rootless.install entitlement

CVE-2024-44243, the latest SIP bypass discovered by Microsoft in macOS after CVE-2021-30892 (Shrootless) and CVE-2023-32369 (Migraine), exploits the Storage Kit daemon’s (storagekitd) “com.apple.rootless.install.heritable” entitlement to get around SIP protections.

Specifically, this is achieved by taking advantage of “storagekitd’s ability to invoke arbitrary processes without proper validation or dropping privileges” to deliver a new file system bundle to /Library/Filesystems – a child process of storagekitd – and override the binaries associated with the Disk Utility, which could then be triggered during certain operations such as disk repair.

“Since an attacker that can run as root can drop a new file system bundle to /Library/Filesystems, they can later trigger storagekitd to spawn custom binaries, hence bypassing SIP,” Bar Or said. “Triggering the erase operation on the newly created file system can bypass SIP protections as well.”

The disclosure comes nearly three months after Microsoft also detailed another security flaw in Apple’s Transparency, Consent, and Control (TCC) framework in macOS (CVE-2024-44133, CVSS score: 5.5) – aka HM Surf – that could be exploited to access sensitive data.

Cybersecurity

“Prohibiting third-party code to run in the kernel can increase macOS reliability, the tradeoff being that it reduces monitoring capabilities for security solutions,” Bar Or said.

“If SIP is bypassed, the entire operating system can no longer be considered reliable, and with reduced monitoring visibility, threat actors can tamper with any security solutions on the device to evade detection.”

Jaron Bradley, director of Threat Labs at Jamf, said SIP remains a coveted target for bug researchers and attackers, and that many of Apple’s security measures operate on the assumption that SIP cannot be bypassed. This also makes any successful SIP exploit highly significant.

“Typically, attackers rely on social engineering techniques to trick users into interacting with some of the operating system’s prompts,” Bradley added. “However, an exploit of SIP could allow an attacker to bypass these prompts, hide malicious files in protected areas of the system, and potentially gain deeper access. Given SIP’s low-level implementation, the only way for users to protect themselves from such attacks is to promptly update their operating system whenever Apple releases a security fix.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Biden orders DOE, DOD to lease sites for AI data centers

Biden orders DOE, DOD to lease sites for AI data centers

Recommended.

22 Women Of The Year Finalists On Lessons Learned From Their Own Role Models

22 Women Of The Year Finalists On Lessons Learned From Their Own Role Models

November 25, 2025
EU regulation sharpens fear of Norwegian AI exodus | Computer Weekly

EU regulation sharpens fear of Norwegian AI exodus | Computer Weekly

October 20, 2025

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio