The vulnerability, named Migraine and listed as CVE-2023-32369, allows attackers with root privileges to bypass important security measures and gain access to the victim’s private data. The vulnerability was reported to Apple by the Microsoft team.and Apple has since released security updates to fix the problem. These updates, released on May 18, macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7. This is not the first time such a flaw has been reported by Microsoft.
The security mechanism in question is called System Integrity Protection (SIP) or “rootless”. It restricts the root user account and its capabilities in sandboxed areas of the operating system, potentially preventing malware from modifying certain files and folders.
Additionally, bypassing the SIP protocol also bypasses the Transparency, Consent and Control (TCC) policies that protect user data. Attackers can override TCC databases and gain unlimited access to the victim’s private information.