Microsoft Discovers macOS Flaw CVE-2024-44243, Bypassing SIP


CVE-2024-44243, a critical macOS vulnerability discovered recently by Microsoft, can allow attackers to bypass Apple’s System Integrity Protection (SIP). Learn how this vulnerability can be exploited and how to protect your devices from this threat.

A recently discovered macOS vulnerability, tracked as CVE-2024-44243, has raised alarms because it jeopardizes the security of Apple devices. The flaw, uncovered by Microsoft Threat Intelligence, allows attackers to circumvent Apple’s robust System Integrity Protection (SIP) mechanism.

How Does It Work?

The flaw lies in the Storage Kit daemon and allows a local attacker who already holds root privileges to carry out a low-complexity attack. According to Microsoft’s technical blog, shared with Hackread.com, CVE-2024-44243 exploits a weakness in the macOS storage management system: by leveraging the “storagekitd” daemon, an attacker can potentially load third-party kernel extensions, bypassing the strict controls imposed by SIP.

What are the Implications?

System Integrity Protection (SIP) is a crucial security measure for macOS, protecting the system against malware and attackers. Bypassing it can significantly compromise the system’s security, Microsoft noted: for example, attackers can install malicious software at the kernel level and gain deep access to the system and its data.

Moreover, malicious software can establish a persistent presence on the system, making it difficult to remove and potentially enabling future attacks. Attackers could also bypass TCC (Transparency, Consent, and Control), Apple’s privacy framework, gaining unauthorized access to user data and sensitive information. The vulnerability widens the attack surface, enabling attackers to exploit other vulnerabilities and escalate their privileges.

Mitigating the Threat

Apple has released security updates to address CVE-2024-44243. All macOS users must update their systems to the latest version to patch this vulnerability.

Microsoft’s responsible disclosure to Apple and the two companies’ joint efforts to address this threat highlight the importance of shared knowledge and coordinated action in safeguarding user security.

While we focus on patching vulnerabilities to protect ourselves from cyberattacks, it is important to remember that social engineering scams remain a prevalent threat.

A recent campaign discovered by Group-IB targeted Apple iOS and Android users with fake trading apps designed to steal from unsuspecting cryptocurrency investors. Staying informed about the latest threats, practicing safe online habits, and keeping software updated are therefore essential to minimize cybersecurity risks.

Jason Soroko, Senior Fellow at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM), commented on this, stating: “This exposes the entire operating system to deeper compromise without needing physical access, threatening sensitive data and system controls.”

“Security teams should ensure macOS systems are patched with the latest updates, closely monitor for unusual disk management or privileged process behaviour, and implement endpoint detection tools that watch for unsigned kernel extensions,” Jason explained. “Regular integrity checks, principle-of-least-privilege policies, and strict compliance with Apple’s security guidelines further reduce exposure to this critical threat.”
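The checks recommended above (confirm SIP is on, look for kernel extensions that are not Apple's own) can be scripted for a fleet. The following is an added example written for this article, not code from Hackread, Microsoft or Sectigo. It assumes the standard column layout of `csrutil status` and of `kmutil showloaded` / `kextstat` output (Index, Refs, Address, Size, Wired, Name, ...), and it runs on a constructed sample when those tools are absent. A non-Apple bundle identifier is a triage hint, not proof that the extension is unsigned or malicious.

```shell
#!/bin/sh
# Added example: post-CVE-2024-44243 host audit helpers for macOS.
# Not from the article or from Microsoft's write-up; assumptions are noted inline.

# Return 0 if the supplied `csrutil status` text reports SIP as enabled.
# Assumes the wording "System Integrity Protection status: enabled".
sip_enabled() {
    printf '%s\n' "$1" | grep -qi 'System Integrity Protection status: enabled'
}

# Read kmutil/kextstat-style rows on stdin and print the bundle identifier
# (6th whitespace-separated column) of every loaded kext outside com.apple.*.
# Rows whose first field is not numeric (headers, notices) are skipped.
third_party_kexts() {
    awk '$1 ~ /^[0-9]+$/ && $6 !~ /^com\.apple\./ { print $6 }'
}

# Live audit: only runs the real tools when they exist on this host.
audit_host() {
    if command -v sw_vers >/dev/null 2>&1; then
        # Compare against the fixed version in Apple's advisory for CVE-2024-44243.
        echo "macOS version: $(sw_vers -productVersion)"
    fi
    if command -v csrutil >/dev/null 2>&1; then
        if sip_enabled "$(csrutil status 2>/dev/null)"; then
            echo "SIP: enabled"
        else
            echo "SIP: NOT enabled - investigate before anything else"
        fi
    fi
    if command -v kmutil >/dev/null 2>&1; then
        kmutil showloaded 2>/dev/null | third_party_kexts
    elif command -v kextstat >/dev/null 2>&1; then
        kextstat 2>/dev/null | third_party_kexts
    fi
}

# Constructed sample in the kmutil showloaded / kextstat layout (not real output).
SAMPLE_KEXTS='Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1  160 0                  0          0          com.apple.kpi.bsd (24.2.0) 00000000-0000-0000-0000-000000000001
   57    2 0xffffff7f80e00000 0x9000     0x9000     com.apple.driver.AppleHPET (1.8) 00000000-0000-0000-0000-000000000002 <12 7 5>
  142    0 0xffffff7f82a3a000 0x5000     0x5000     com.example.thirdparty.driver (1.0) 00000000-0000-0000-0000-000000000003 <5 4 3>'

# Demonstration on the constructed sample; the live audit runs only on a Mac.
echo "Non-Apple kexts in sample:"
printf '%s\n' "$SAMPLE_KEXTS" | third_party_kexts
audit_host
```

Feed the real `kmutil showloaded` output into `third_party_kexts` on each host and ship the result to your endpoint telemetry; a new identifier appearing in that list, or `sip_enabled` starting to fail on a host where SIP was on yesterday, is exactly the "unusual privileged behaviour" worth an alert.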
