Apple vulnerability discovered: your camera and data could be at risk

Exploiting this vulnerability, attackers could bypass Apple’s vital security feature, known as SIP.
macOS's System Integrity Protection (SIP) is crucial for protecting the operating system against malware and a handful of other threats. SIP enforces restrictions on system-level operations, even for users with root privileges.
Microsoft Threat Intelligence discovered a vulnerability, now identified as CVE-2024-44243, that could be used to bypass the SIP security shield. If exploited, it would allow the loading of third-party kernel extensions, resulting in severe security implications for users.
A SIP bypass impacts the entire macOS operating system and could result in the following:
- Installing malware or rootkits.
- Bypassing macOS's Transparency, Consent, and Control (TCC) framework. The TCC framework prevents apps from accessing users' personal information, such as location, browsing history, camera, microphone, or others, without their consent. Bypassing it could result in private data breaches.
- Disabling or altering security tools to avoid detection.
- Creating more opportunities for additional attacks.
Researchers identified a vulnerability in the Storage Kit daemon, a critical macOS process responsible for managing disk state operations.
This flaw could allow attackers with root access to bypass SIP protections by injecting and activating custom file system bundles to perform unauthorized actions.
The team also found several third-party file system implementations, including those from Tuxera, Paragon, EaseUS, and iBoysoft, to be vulnerable to exploitation.
By embedding custom code into these file systems and utilizing tools like Disk Utility or the ‘diskutil’ command, attackers could circumvent SIP and override Apple’s kernel extension exclusion list.
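As an added, defender-side example that is not part of the article (and not Microsoft's or Apple's tooling): a small shell audit helper that parses the output of macOS's `csrutil status` and `kmutil showloaded` commands to flag the two conditions the article warns about, SIP no longer enabled and kernel extensions loaded from outside Apple's namespace. The two command names are real; the sample outputs embedded below are constructed, and the `audit_host` helper and the `com.example.vendor.fs` bundle identifier are assumptions for the example.

```shell
#!/bin/sh
# Added audit helper (not from the article). Parses the text of two macOS
# commands and flags the post-exploitation symptoms the article describes.
# On a Mac, run with real output:
#   audit_host "$(csrutil status)" "$(kmutil showloaded 2>/dev/null)"

# Returns 0 when the csrutil output reports SIP enabled, 1 otherwise.
sip_enabled() {
    printf '%s\n' "$1" | grep -q 'System Integrity Protection status: enabled'
}

# Prints one bundle identifier per line for every loaded kext whose
# identifier is not under com.apple.*; prints nothing if all are Apple's.
third_party_kexts() {
    printf '%s\n' "$1" | awk '
        /^ *[0-9]+ / {                 # data rows start with the index column
            for (i = 1; i <= NF; i++)  # the bundle ID is the dotted field
                if ($i ~ /^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$/ && $i !~ /^com\.apple\./)
                    print $i
        }'
}

# Runs both checks; returns 0 when nothing is found, 1 when SIP is off or a
# third-party kext is loaded, printing each finding.
audit_host() {
    status=0
    if ! sip_enabled "$1"; then
        echo "FINDING: SIP is not enabled"
        status=1
    fi
    kexts=$(third_party_kexts "$2")
    if [ -n "$kexts" ]; then
        echo "FINDING: non-Apple kernel extensions loaded:"
        printf '%s\n' "$kexts" | sed 's/^/  /'
        status=1
    fi
    return $status
}

# Constructed sample data, modelled on the real commands' output format.
SAMPLE_CSRUTIL='System Integrity Protection status: disabled.'
SAMPLE_KMUTIL='Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1  152 0                  0          0          com.apple.kpi.bsd (23.1.0) 11111111-1111-1111-1111-111111111111
   45    0 0xfffffe0008cc0000 0x8000     0x8000     com.example.vendor.fs (1.0) 22222222-2222-2222-2222-222222222222 <1>'

if audit_host "$SAMPLE_CSRUTIL" "$SAMPLE_KMUTIL"; then
    echo "no findings"
else
    echo "audit flagged this host"
fi
```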
Following Microsoft and security researcher Mickey Jin's responsible disclosure, Apple released a patch for the vulnerability in December 2024. Users should keep their systems up to date to avoid risks.
Microsoft researchers have previously found a bypass technique that removes TCC protection for the Safari browser directory. Following a responsible disclosure, Apple released a fix for the vulnerability on September 16th.
In August, a report showed that six Microsoft applications on macOS – Outlook, Teams, PowerPoint, OneNote, Excel, and Word – are vulnerable to exploits that could grant attackers access to sensitive information, send emails, and record video and audio without any user interaction.