
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

| Category | Details |
| --- | --- |
| Threat Actors | Unidentified threat actors targeting macOS through SIP bypass. |
| Campaign Overview | Exploitation of CVE-2024-44243 to bypass System Integrity Protection (SIP) and enable malicious activities. |
| Target Regions (Victims) | macOS users globally, especially those using versions prior to Sequoia 15.2. |
| Methodology | Exploiting a misconfiguration in the Storage Kit daemon (storagekitd) to bypass SIP protections. |
| Product Targeted | Apple macOS, particularly versions with the unpatched CVE-2024-44243 vulnerability. |
| Malware Reference | Potential for rootkits, persistent malware, and compromised security solutions. |
| Tools Used | Custom binaries leveraging storagekitd's entitlement to execute unauthorized file system operations. |
| Vulnerabilities Exploited | CVE-2024-44243 (SIP bypass), earlier vulnerabilities like CVE-2021-30892 (Shrootless) and CVE-2023-32369 (Migraine). |
| TTPs | Privilege escalation, persistence through SIP bypass, tampering with system files, evasion of security prompts. |
| Attribution | Research conducted and disclosed by Microsoft Threat Intelligence. |
| Recommendations | Update macOS to Sequoia 15.2 or later, ensure system software is patched promptly, and avoid untrusted applications. |
| Source | The Hacker News |

Read full article: https://thehackernews.com/2025/01/microsoft-uncovers-macos-vulnerability.html

The above summary has been generated by an AI language model


Source: The Hacker News

Published on: January 15, 2025
