A new vulnerability has been discovered in macOS that allows attackers with root access to bypass System Integrity Protection (SIP) and take arbitrary actions on affected devices.
Discovered by Microsoft and named “Migraine,” the flaw was disclosed to Apple through coordinated vulnerability disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).
SIP is a security technology in macOS that prevents the root user from compromising system integrity. Also known as “rootless,” SIP was introduced by Apple in macOS Yosemite as a security measure; it limits the root user’s access to sensitive system files and directories.
SIP cannot be disabled on a running system; turning it off requires physical access to the device and booting into the recovery OS. A SIP bypass therefore allows an attacker to overwrite SIP-protected directories and files.
Bypassing SIP can therefore lead to the installation of rootkits, the creation of persistent malware, and an increased attack surface for further exploitation.
Microsoft explained that the techniques used to exploit this vulnerability are similar to those found in the Shrootless vulnerability (tracked as CVE-2021-30892), published in 2021.
“We focused on system processes signed by Apple and with the com.apple.rootless.install.heritable entitlement that could be tampered with to execute arbitrary code in a security context that bypasses SIP checks. Found 2 child processes,” reads Microsoft’s advisory, published on Tuesday.
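As an added illustration (not code from Microsoft’s advisory or from Apple), the following script lets a defender inventory which Apple-signed binaries on a Mac carry the SIP-bypassing entitlements named above, i.e. the processes that deserve monitoring for tampering. It assumes macOS’s `codesign` tool is available for the live check; the parsing function is exercised offline with a constructed entitlements plist.

```python
import plistlib
import subprocess
from typing import Dict, Iterable, List

# Entitlements that let a process write to SIP-protected locations; the
# "heritable" variant also passes that capability on to child processes.
SIP_BYPASS_ENTITLEMENTS = (
    "com.apple.rootless.install",
    "com.apple.rootless.install.heritable",
)


def sip_entitlements(entitlements_plist: bytes) -> List[str]:
    """Return the SIP-bypass entitlements set to true in an XML entitlements plist.

    An empty dump (unsigned or entitlement-less binary) yields an empty list.
    """
    if not entitlements_plist.strip():
        return []
    ents = plistlib.loads(entitlements_plist)
    return [key for key in SIP_BYPASS_ENTITLEMENTS if ents.get(key) is True]


def read_entitlements(binary_path: str) -> bytes:
    """Dump a binary's entitlements as an XML plist (macOS only).

    Assumption: `codesign -d --entitlements :- <path>` prints the plist without
    the blob header; on a non-macOS host this simply returns empty output.
    """
    try:
        proc = subprocess.run(
            ["codesign", "-d", "--entitlements", ":-", binary_path],
            capture_output=True, check=False,
        )
    except FileNotFoundError:
        return b""
    return proc.stdout


def audit(paths: Iterable[str]) -> Dict[str, List[str]]:
    """Map each binary path to the SIP-bypass entitlements it carries (if any)."""
    findings: Dict[str, List[str]] = {}
    for path in paths:
        found = sip_entitlements(read_entitlements(path))
        if found:
            findings[path] = found
    return findings


# Constructed sample, not captured from a real binary.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.rootless.install.heritable</key><true/>
<key>com.apple.private.security.no-sandbox</key><true/>
</dict></plist>"""
```

On a Mac, `audit(["/usr/sbin/some_daemon"])` (path is a placeholder) reports binaries whose children would run outside SIP’s restrictions; the sample plist above shows what the parser flags.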
The tech giant has confirmed that Apple released a security update on May 18, 2023 to address an issue identified as CVE-2023-32369.
In a security bulletin, Apple said “a logical problem was solved with improved state management,” and credited Microsoft researchers Jonathan Bar Or, Anurag Bohra, and Michael Pearse for the findings.
According to Microsoft, the discovery of the Migraine vulnerability highlights the importance of continued research and collaboration to mitigate security risks across the platform.
In related news, Microsoft, Apple and Google recently partnered on a passwordless standard.