Microsoft has discovered a vulnerability in macOS that gives full access to the system

Microsoft identified new macOS vulnerability. It's called Migraine, and it can really add headaches to users - but only to those who avoid system updates.

According to a May 30 report, Migraine allows attackers with root rights to bypass System Integrity protections. Protection (SIP) and perform arbitrary actions on the device, including installing malware and obtaining personal data from computer.

SIP is a security technology that restricts the actions of users with root privileges. It prohibits actions that can lead to a violation of the integrity of the system. To do this, the suspicious process is transferred to the sandbox, which closes the possibility of overwriting files and directories.

On a running system, SIP bypass is usually not possible: it requires restarting the computer and entering system recovery mode. However, experts from Microsoft discovered a vulnerability in the built-in Migration Assistant utility, from which the name Migraine came.

Interaction with the "Migration Assistant" requires direct access to the computer, but the researchers were able to intervene in the work of the function and remotely start the migration without logging out of the account (without which the utility usually cannot works). Next, we set up the restoration of a backup copy from Time Machine - in which a malicious payload was prepared with the ability to bypass SIP. So the virus enters the computer without the possibility of removal or detection, and the delivery process was automated through AppleScript.

Microsoft informed Apple about the discovery in advance, and the May 18 updates for macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7 have already fixed this vulnerability. To protect yourself, just make sure that you are using the latest version of the system.