Home > News

Microsoft Finds Exploit That Leaves Mac Vulnerable

By Charlie Fripp
Mac Featured

It’s a common myth that Apple’s macOS and iOS are impervious to malware and hackers. No matter the developer, any operating system is vulnerable when cybercriminals discover an exploit. While it is rare for Apple, Microsoft recently discovered an exploit that leaves Mac computers at the mercy of hackers.

Stay safe: learn how hackers demanded $10M with ransomware, then leaked personal info.

Patching the Holes

Any computer user will know that there is a potential treasure trove of information on the device’s hard drive. Anything from family photos and videos to banking details and social media credentials is stored on computers and web browsers. Therefore, if a hacker gains full access to your Mac, it could have serious consequences.

Microsoft recently discovered one of these vulnerabilities, called Migraine, that creates a tunnel for hackers into the depths of a Mac computer. The flaw enables a cybercriminal to bypass the macOS System Integrity Protection (SIP), the default method of locking down and protecting root access.

Mac Malware
Image source: Unsplash

By sidestepping the built-in security checks, it opens the door for “attackers and malware authors to successfully install rootkits, create persistent malware, and expand the attack surface for additional techniques and exploits,” Microsoft explains. That is the technical explanation, but in layman’s terms, the exploit allows hackers to:

  • Create undeletable malware that is protected by the same SIP system it breached.
  • Expand the scope of the malware to attack the system’s kernel when antivirus software stops monitoring the kernel for malicious activity.
  • Completely bypass the Transparency, Consent, and Control (TCC) policies, letting arbitrary apps capture and distribute personal information.
  • Hide malicious processes or files from all monitoring tools.

Microsoft successfully replicated the exploit and notified Apple through the Coordinated Vulnerability Disclosure system, which officially designated it as CVE-2023-32369. If you have a computer running macOS, you must update your operating system to the latest version, as a fix for this exploit is included in the May 18, 2023 patch.

Tip: learn how to safely test any Windows antivirus against real malware.

Image credit: Unsplash

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Charlie Fripp Avatar
Charlie Fripp
Charlie Fripp is a technology writer with a strong focus on consumer gadgets, video games, and cyber security. He holds an undergraduate degree in professional journalism and has worked as a journalist for over 15 years. In his spare time, he enjoys playing various musical instruments and gardening.

Read next

In 2016, archaeologists dated two rings of snapped stalagmites in France’s Bruniquel Cave to 176,500 years ago, evidence that Neanderthals had walked 336 metres into darkness with fire and built architecture deep underground long before modern humans reached Europe
Otto von Bismarck was 74 when Germany adopted the world’s first national old-age social insurance program in 1889, setting the pension age at 70 after years of fighting socialists with bans, laws, and a promise few workers would live long enough to use
When cosmonaut Valeri Polyakov stepped out of his Soyuz capsule in March 1995 after 437 consecutive days aboard Mir, doctors recorded him at several centimetres above his pre-flight height, and his spine had become so unaccustomed to gravity that the recovery team carried him to a chair rather than risk the compression of letting him walk.
When Bell Labs engineer Karl Jansky pointed a rotating antenna at the sky in 1932 looking for sources of transatlantic radio static, he kept picking up a faint hiss that peaked every 23 hours and 56 minutes, and he eventually realized he had become the first human to hear the center of the Milky Way.
A contemplative scene with two scientists in a vintage laboratory setting.
When Harvard astronomer Cecilia Payne submitted her 1925 doctoral thesis arguing that the Sun was made almost entirely of hydrogen, the field’s senior figure Henry Norris Russell talked her into adding a line calling the result ‘almost certainly not real,’ and then published the same conclusion himself four years later to widespread acclaim.
When seismic waves from the Chicxulub impact reached what is now North Dakota roughly ten minutes after the asteroid struck, they appear to have triggered a ten-metre standing wave in an inland river that flung fish onto the bank and buried them under glass beads still falling from the sky.
When survivors near Lake Nyos woke on the morning of 22 August 1986, the cattle were dead in the fields, the birds had fallen out of the trees, and 1,746 of their neighbours were lying where they had stood the night before, with no fire, no flood, and no wound to explain it.
In October 2002, a Russian scientist named Dimitri Malashenkov stood up at a space conference in Houston and quietly explained that the dog Laika, whom the Soviet Union had publicly mourned as a heroic week-long orbiter in 1957, had actually died of heat and panic within about five hours of launch.