Critical macOS Flaw Exposed: Hackers Could Sneak Malware Past Apple’s Core Defenses

Apple Patches Critical macOS Security Vulnerability Affecting System Integrity Protection

Apple has patched a significant macOS vulnerability that could allow attackers to bypass System Integrity Protection (SIP). The flaw, tracked as CVE-2024-44243, was discovered in the Storage Kit daemon and could enable malicious actors to install unauthorized kernel drivers.

System Integrity Protection, also known as ‘rootless,’ is a crucial macOS security feature that prevents unauthorized modification of protected system files and folders. Exploiting the vulnerability requires a local attacker who already has root privileges; the attack is low in complexity and needs some user interaction.

Key Impact and Risks:
– Installation of rootkits (kernel drivers)
– Creation of persistent malware
– Bypass of Transparency, Consent, and Control (TCC) security checks
– Unauthorized access to user data

The fix has been implemented in macOS Sequoia 15.2, released on December 11, 2024. Microsoft researchers, who identified the vulnerability, emphasize that SIP bypasses pose significant risks to overall system security.

This discovery adds to a series of macOS vulnerabilities found by Microsoft’s security team in recent years, including:
– ‘Shrootless’ (CVE-2021-30892)
– ‘Migraine’ (CVE-2023-32369)
– ‘Achilles’ (CVE-2022-42821)
– ‘Powerdir’ (CVE-2021-30970)

Users are strongly advised to update their systems to the latest macOS version to stay protected.
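
To check a Mac against the fixed release named above, the following added example (not code from Apple, Microsoft, or the article) compares the output of `sw_vers -productVersion` with 15.2 and reads the SIP state from `csrutil status`. The function names and the summary format are this example's own, and flagging every version below 15.2 is an assumption, since the article names only macOS Sequoia 15.2 as fixed.

```shell
#!/bin/sh
# Added example: flags Macs below the release the article names as fixed
# for CVE-2024-44243, and Macs where SIP is not reported as enabled.
FIXED_VERSION="15.2"   # from the article: macOS Sequoia 15.2

# version_ge A B: succeeds when dotted numeric version A >= B.
version_ge() {
    for vg_v in "$1" "$2"; do
        case "$vg_v" in ""|*[!0-9.]*) return 2 ;; esac   # reject non-numeric input
    done
    vg_a=$1; vg_b=$2
    while [ -n "$vg_a" ] || [ -n "$vg_b" ]; do
        vg_x=${vg_a%%.*}; vg_y=${vg_b%%.*}               # leading components
        if [ "$vg_a" = "$vg_x" ]; then vg_a=""; else vg_a=${vg_a#*.}; fi
        if [ "$vg_b" = "$vg_y" ]; then vg_b=""; else vg_b=${vg_b#*.}; fi
        if [ "${vg_x:-0}" -gt "${vg_y:-0}" ]; then return 0; fi
        if [ "${vg_x:-0}" -lt "${vg_y:-0}" ]; then return 1; fi
    done
    return 0                                             # all components equal
}

# sip_state TEXT: prints enabled|disabled|unknown from `csrutil status` output.
sip_state() {
    case "$1" in
        *"status: enabled"*)  echo enabled ;;
        *"status: disabled"*) echo disabled ;;
        *)                    echo unknown ;;
    esac
}

# assess_host VERSION CSRUTIL_TEXT: prints one summary line and succeeds only
# when VERSION is at or above FIXED_VERSION and SIP reports enabled.
assess_host() {
    ah_fixed=no
    if version_ge "$1" "$FIXED_VERSION"; then ah_fixed=yes; fi
    ah_sip=$(sip_state "$2")
    echo "version=$1 fixed_release=$ah_fixed sip=$ah_sip"
    [ "$ah_fixed" = yes ] && [ "$ah_sip" = enabled ]
}

# On a Mac, assess the local host; elsewhere only the functions are defined.
if command -v sw_vers >/dev/null 2>&1 && command -v csrutil >/dev/null 2>&1; then
    assess_host "$(sw_vers -productVersion)" "$(csrutil status)" \
        || echo "action needed: update macOS and/or review SIP state" >&2
fi
```

The comparison is numeric per component, so 15.10 sorts above 15.2 and 15.1.1 below it.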