Microsoft has released details on a security vulnerability that the company discovered in macOS Ventura. The vulnerability, which Microsoft dubbed “Migraine,” involved Apple’s Migration Assistant and allows a hacker to get by macOS’s System Integrity Protection and get access to the data on the Mac.
In a blog post, Microsoft provides the technical details on how Migraine works. Apple’s SIP provides security for macOS to stop unauthorized root access, but the Migration Assistant app has a privilege that allows it to have unrestricted root access. Microsoft created a modified version of Migration Assistant that takes advantage of this exploit, but the modified app had to be used while the Mac’s Setup Assistant is in debug mode. Microsoft’s researchers were able to use the exploit and then run an AppleScript that mounted a Time Machine backup with infected data, which was transferred to the Mac.
Documented as CVE-2023-32369 in the CVE.report database, Apple fixed “Migraine” with the macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7 updates released about two weeks ago and is noted in Apple’s security notes. It is customary for security researchers to publish their findings after Apple has fixed the vulnerability. In the Impact section, Apple says the flaw could allow an app to modify protected parts of the file system.
To see if the update is installed, check Software Update in System Settings/Preferences. You can also install the update from there. Installation requires an internet connection and the update is over 2GB, so you need to set aside some time to download, install, and restart your Mac.