A new macOS flaw can apparently allow hackers with root privileges to install undeletable malware on Macs as they can bypass Apple’s security protections.
The said flaw is called Migraine and is tracked as CVE-2023-32369. It was discovered by security researchers at Microsoft, who reported it to Apple.
Related
Once exploited, the attacker can use the flaw on a not-updated Mac to bypass the System Integrity Protection (SIP) on macOS. For a brief intro, SIP is a macOS security mechanism that can block potentially malicious software from changing particular files and folders in the root user account.
This means that SIP will only allow processes signed by Apple and their software updates and installers to make changes to protected components in the Mac operating system.
Thankfully, Apple has already fixed the vulnerability a few days ago on the latest security updates for Macs with versions macOS Ventura 13.4, Monterey 12.6.6, and Big Sur 11.7.7. So if you’re not updated to these latest versions yet, it’s best to do so immediately.