Microsoft has provided details on a new macOS vulnerability, one that could be used to bypass System Integrity Protection (SIP).

SIP is a key component in macOS security, ensuring the system cannot run unauthorized code or applications. According to Microsoft, a bug in the macOS migration process could be used to bypass SIP altogether.

The company outlined its findings in a blog post:

A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device.

Microsoft’s entire blog post outlining the steps they took to find and evaluate the vulnerability is a very lengthy read. However, there are several potential ramifications:

• A SIP exploit can be used to create undetectable malware.
• SIP exploits provide a path “for attackers to gain arbitrary kernel code execution.”
• SIP exploits can allow hackers to enable rootkits and bypass anti-tampering measures.
• Such exploits can be used to bypass Transparency, Consent, and Control (TCC) policies.

Microsoft has already notified Apple, and a fix was included in the May 18, 2023 security update. Needless to say, all users should update immediately.