Cybersecurity professionals are urged to ensure their systems are equipped with the latest macOS update. It addresses a major vulnerability that could open the operating system to further threats.
The flaw, tracked as CVE-2024-44243, was highlighted in a recent analysis by Microsoft Threat Intelligence and was resolved in the Apple security update released on December 11. The vulnerability can allow attackers to bypass macOS System Integrity Protection (SIP), the mechanism designed to protect the device's security.
The Microsoft report noted that once SIP protections are no longer in place, malicious actors could install rootkits, carry out harmful activities, and deploy persistent malware. Alarmingly, these attacks can be carried out without physical access to the device.
Beyond updating vulnerable macOS systems, experts have recommended that cybersecurity teams remain alert for suspicious activity. Mayuresh Dani, manager of security research at Qualys, advised in response to the vulnerability, “Teams should actively monitor processes with special entitlements, as these can be exploited to bypass SIP. It’s also crucial to keep an eye on the behavior of these processes within their environments.”
Soroko further suggested that teams watch for unusual disk management activity and irregular behavior from privileged users, and that they also deploy endpoint detection tools and controls for unsigned kernel extensions.
Dani concurred that third-party kernel extensions should be handled with caution to mitigate the risk of such attacks.
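A starting point for the monitoring described above (confirming SIP status, listing loaded non-Apple kernel extensions, and flagging SIP-exempting entitlements on a binary), as an added example that is not from the article or from any of the quoted vendors. It assumes a macOS host with `csrutil`, `kmutil` and `codesign`, and it looks for the `com.apple.rootless.*` entitlement family, which this article does not name; the parse functions are plain text filters so they can be exercised against constructed output.

```sh
#!/bin/sh
# Added defender-side audit helper (not the article's or any vendor's code).
# Assumes macOS tools csrutil, kmutil and codesign; the three parse functions
# only filter text, so they also work on captured or constructed output.

# Returns 0 when a `csrutil status` transcript reports SIP enabled.
sip_enabled_from_status() {
    printf '%s\n' "$1" | grep -qi 'System Integrity Protection status: enabled'
}

# Given `kmutil showloaded` text (header line, then one kext per line with the
# bundle ID in column 6), prints bundle IDs that are not Apple's own.
third_party_kexts_from_list() {
    printf '%s\n' "$1" | awk 'NR > 1 && $6 ~ /\./ && $6 !~ /^com\.apple\./ { print $6 }'
}

# Given an entitlements plist (as printed by `codesign -d --entitlements -`),
# prints any SIP-related com.apple.rootless.* entitlement keys it carries.
# These names are assumed from Apple's own binaries; the article does not list them.
sip_entitlements_from_plist() {
    printf '%s\n' "$1" | grep -oE 'com\.apple\.rootless\.[A-Za-z0-9._-]+' | sort -u
}

# Live checks run only where the macOS tools exist; binaries to inspect are
# passed as arguments, e.g.: ./sip_audit.sh /usr/libexec/some-daemon
if command -v csrutil >/dev/null 2>&1; then
    if sip_enabled_from_status "$(csrutil status 2>&1)"; then
        echo "SIP: enabled"
    else
        echo "SIP: NOT enabled - investigate before trusting this host"
    fi
    if command -v kmutil >/dev/null 2>&1; then
        echo "Loaded third-party kernel extensions:"
        third_party_kexts_from_list "$(kmutil showloaded 2>/dev/null)"
    fi
    for bin in "$@"; do
        echo "SIP-related entitlements on $bin:"
        sip_entitlements_from_plist "$(codesign -d --entitlements - "$bin" 2>&1)"
    done
fi
```

Processes running binaries that report a `com.apple.rootless.*` entitlement are the ones whose behavior the Qualys advice says to watch most closely.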
Litty mentioned, “While endpoint-based security solutions are attractive from a cost and usability perspective compared to off-device solutions such as [virtual desktop infrastructure], the constant stream of OS vulnerabilities that allow a local attacker to bypass OS integrity protection mechanisms shows that this is a risky gamble. If your security controls involve installing an application on an unmanaged device and relying on this application protecting itself, you need to closely monitor this type of issue.”