Microsoft has released details on a security vulnerability that was fixed with the macOS Sequoia 15.2 update, which was released in December. The flaw could have been exploited by an attacker to bypass macOS’s System Integrity Protection (SIP), which stops unauthorized code from running.
Documented as CVE-2024-44243, the vulnerability involved macOS’s Storage Kit daemon and its entitlements. According to Microsoft, Storage Kit “has many SIP bypassing capabilities” that a hacker can exploit. The Sequoia 15.2 update security notes state that a configuration issue was the root of the flaw:
StorageKit
- Available for: macOS Sequoia
- Impact: An app may be able to modify protected parts of the file system
- Description: A configuration issue was addressed with additional restrictions.
- CVE-2024-44243: Mickey Jin (@patch1t), Jonathan Bar Or (@yo_yo_yo_jbo) of Microsoft
SIP became part of macOS over nine years ago, with the release of OS X El Capitan. When SIP is running, it is often said that the Mac is in “rootless” mode, and a majority of users can use SIP without it ever being an issue; chances are, you don’t even know you’re running SIP. A few users do require root access to their Macs, and SIP can be turned off.
How to protect yourself from malware
Apple releases security patches through OS updates, so installing them as soon as possible is important. And as always, when downloading software, get it from trusted sources, such as the App Store (which makes security checks of its software) or directly from the developer. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.