ch0k1 on Nostr: Microsoft: macOS bug lets hackers install malicious kernel drivers Apple recently ...
Microsoft: macOS bug lets hackers install malicious kernel drivers
https://www.bleepingcomputer.com/news/security/microsoft-macos-bug-lets-hackers-install-malicious-kernel-drivers/
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.
System Integrity Protection (SIP), or 'rootless,' is a macOS security feature that prevents malicious software from altering specific folders and files by limiting the root user account's powers in protected areas.
SIP allows only Apple-signed processes or those with special entitlements, such as Apple software updates, to modify macOS-protected components. Disabling SIP normally requires a system restart and booting from macOS Recovery (the built-in recovery system), which requires physical access to a compromised machine device.
originally posted at https://stacker.news/items/849412
Published at 2025-01-14 01:57:20
Event JSON