Microsoft has discovered a critical exploit in macOS that could grant hackers easy access to your Mac’s most important data. Dubbed ‘Migraine,’ it shows why it’s vital to update your Mac as soon as possible.
Migraine is so damaging because it can bypass Apple’s System Integrity Protection, or SIP for short. SIP is enabled by default on modern Macs and works by sandboxing sensitive parts of the computer from outside meddling. Only processes that are signed by Apple (or those with special privileges, like Apple installers) are allowed to alter something guarded by SIP.
If a piece of malware can simply sneak past SIP, though, it can do untold damage — and that’s just what Migraine is capable of.
Ordinarily, the only way to disable SIP is to restart your Mac in Recovery mode, enter a specific command into the Terminal, then restart again. That means you need to be present in front of the computer in question, which on the surface should make exploits like Migraine untenable.
However, Migraine doesn’t actually require physical access to the target device, meaning a hacker could activate it remotely and gain unauthorized admission to the most sensitive parts of your Mac.
Instead, Migraine abuses macOS’ built-in Migration Assistant utility, which contains SIP-bypassing capabilities. Microsoft’s researchers found that a person can automate the utility’s migration process with AppleScript, add a malicious payload to the SIP exclusions list, then launch it on the target Mac. All of this could be done without restarting the computer or booting from macOS Recovery mode.
Update your Mac now
Getting past the protections offered up by SIP gives malware writers significant powers to harm your Mac. They could bypass Apple’s Transparency, Consent, and Control (TCC) policies, for example, which would grant them access to your private data. Or they could craft SIP-protected malware that can’t be deleted using normal methods.
That all makes this vulnerability a very high priority to get fixed. Fortunately, Apple and Microsoft have been working hand in hand to do just that. Microsoft alerted Apple as soon as it discovered the vulnerability, and Apple was able to quickly roll out a fix in various updates: macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, all of which were released on May 18.
It’s not the first time that an exploit has been found that can access extremely important data on your Mac. If anything, Migraine illustrates exactly why you should always keep your Mac up to date and install security fixes as soon as they become available. Doing that should help you stay on top of headache-inducing threats like Migraine.