Category | Details |
---|---|
Threat Actors | Unidentified threat actors targeting macOS through SIP bypass. |
Campaign Overview | Exploitation of CVE-2024-44243 to bypass System Integrity Protection (SIP) and enable malicious activities. |
Target Regions (Victims) | macOS users globally, especially those using versions prior to Sequoia 15.2. |
Methodology | Exploiting a misconfiguration in the Storage Kit daemon (storagekitd) to bypass SIP protections. |
Product Targeted | Apple macOS, particularly versions in which CVE-2024-44243 remains unpatched. |
Malware Reference | Potential for rootkits, persistent malware, and compromised security solutions. |
Tools Used | Custom binaries leveraging storagekitd’s entitlement to execute unauthorized file system operations. |
Vulnerabilities Exploited | CVE-2024-44243 (SIP bypass), earlier vulnerabilities like CVE-2021-30892 (Shrootless) and CVE-2023-32369 (Migraine). |
TTPs | Privilege escalation, persistence through SIP bypass, tampering with system files, evasion of security prompts. |
Attribution | Research conducted and disclosed by Microsoft Threat Intelligence. |
Recommendations | Update macOS to Sequoia 15.2 or later, ensure system software is patched promptly, and avoid untrusted applications. |
Source | The Hacker News |
Read full article: https://thehackernews.com/2025/01/microsoft-uncovers-macos-vulnerability.html
The above summary has been generated by an AI language model