CTI Notification: Migraine macOS vulnerability research details released

James Beal
Published in Hunter Strategy
2 min read, May 31, 2023

Breakdown

Microsoft has shared details of a vulnerability they discovered in macOS that would allow an attacker who has already obtained root access to bypass the built-in protection known as System Integrity Protection (SIP). SIP was designed to restrict even the root user from modifying the integrity-critical parts of the operating system; it is what normally blocks persistent malware, rootkits and many other post-exploitation techniques from altering protected system files and settings. Microsoft reported this vulnerability to Apple, who fixed it in the security updates released on May 18th, 2023 (macOS Ventura 13.4, Monterey 12.6.6 and Big Sur 11.7.7). If you have not installed the update for this vulnerability and the many others it addresses, you should do so as soon as possible.

Overview

Microsoft discovered this vulnerability during their routine malware hunting and research. They shared the findings with Apple through Coordinated Vulnerability Disclosure (CVD), and CVE-2023-32369 was assigned to it. The accompanying Microsoft blog post contains a full breakdown of the vulnerability, a technical walkthrough of the malware analysis and threat hunting that led to its discovery, and an explanation of how that information was used to build a working exploit. For anyone in information security, but especially those in threat intelligence, threat hunting or malware research roles, it serves as an excellent technical tutorial of the entire process from discovery through reporting and fixing the vulnerability. The post also contains a long list of references to further research on many of the general topics covered as part of their research process.

Recommendation

For everyone on the defender side, the mitigation is to install the Apple security updates released on May 18th, 2023 (macOS Ventura 13.4, Monterey 12.6.6 and Big Sur 11.7.7). Keep in mind that the bypass requires root access first: the patch closes the SIP bypass, but it does not replace detection of whatever initial compromise got an attacker to root. For all information security professionals looking to expand their knowledge of vulnerabilities and how they are exploited, I fully recommend reading the entire post in detail and considering how you can use this research to further your threat hunting skills.
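A quick self-check for defenders, added here as an illustration and not taken from Microsoft's post or Apple's advisory: it classifies a macOS product version string against the releases that contain the May 18th fix for CVE-2023-32369 (Ventura 13.4, Monterey 12.6.6, Big Sur 11.7.7) and parses the output of `csrutil status` to confirm SIP is on. Treating major versions newer than 13 as patched and anything older than Big Sur as unsupported is my assumption, as are the sample values the script falls back to when `sw_vers` is not available.

```shell
#!/bin/sh
# Added example (not from Microsoft's post or Apple's advisory): report whether a
# host is patched against CVE-2023-32369 ("Migraine") and whether SIP is enabled.

# version_ge A B: return 0 if dotted numeric version A >= B, else 1.
version_ge() {
  va=$1
  vb=$2
  while [ -n "$va" ] || [ -n "$vb" ]; do
    ai=${va%%.*}
    bi=${vb%%.*}
    ai=${ai:-0}   # missing trailing component counts as 0 (13.4 == 13.4.0)
    bi=${bi:-0}
    [ "$ai" -gt "$bi" ] && return 0
    [ "$ai" -lt "$bi" ] && return 1
    case $va in *.*) va=${va#*.} ;; *) va= ;; esac
    case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
  done
  return 0
}

# migraine_patched VERSION: print "patched", "vulnerable" or "unsupported" for a
# macOS product version string (the format printed by `sw_vers -productVersion`).
migraine_patched() {
  ver=$1
  major=${ver%%.*}
  case $major in
    13) fixed=13.4 ;;    # macOS Ventura 13.4
    12) fixed=12.6.6 ;;  # macOS Monterey 12.6.6
    11) fixed=11.7.7 ;;  # macOS Big Sur 11.7.7
    *)
      # Assumption: major releases after Ventura carry the fix; anything before
      # Big Sur received no update and is flagged as unsupported.
      if [ "$major" -gt 13 ]; then echo patched; else echo unsupported; fi
      return 0 ;;
  esac
  if version_ge "$ver" "$fixed"; then echo patched; else echo vulnerable; fi
}

# sip_state TEXT: classify the output of `csrutil status`.
sip_state() {
  case $1 in
    *"status: enabled"*)  echo enabled ;;
    *"status: disabled"*) echo disabled ;;
    *)                    echo unknown ;;
  esac
}

# report VERSION SIPTEXT: one-line summary combining both checks.
report() {
  echo "macOS $1: $(migraine_patched "$1") against CVE-2023-32369, SIP $(sip_state "$2")"
}

if command -v sw_vers >/dev/null 2>&1; then
  # Real values from this macOS host.
  report "$(sw_vers -productVersion)" "$(csrutil status 2>/dev/null || echo unknown)"
else
  # Constructed sample values (not real output from any host) so the script
  # also runs off a Mac; 13.3.1 predates the 13.4 fix.
  report "13.3.1" "System Integrity Protection status: enabled."
fi
```

The two checks answer different questions: `csrutil status` only tells you SIP is switched on, and Migraine bypasses SIP while it is on, so the version comparison is the one that says whether the host is exposed. A host that reports "unsupported" has no Apple fix available and should be treated as vulnerable in any exposure review.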

Conclusion

To our current SOC partners, please reach out to our SOC team to learn more about the best steps for researching your exposure to this threat. If you have any questions about this event or need any level of security assistance, please reach out to Hunter Strategy and we will be happy to discuss next steps in securing your IT systems!

Contact Us

contact@hunterstrategy.net

Our Website

James Beal
Hunter Strategy

Cyber Threat Intelligence Engineer - Focused on simplifying the evolving threat landscape and creating tangible alerts to help TRIAGE events.