Jobs’ Mob had a security feature that allowed attackers to bypass macOS System Integrity Protection (SIP) and install “undeletable” malware while accessing private data on a Mac. Obviously, this feature was proof that Apple’s software designers were geniuses and ahead of their time, and soon everyone would follow them in designing security bugs like this one.
Fortunately for Apple, Vole spotted the vulnerability, which it nicknamed “Migraine”, presumably because it would give the Tame Apple Press a headache trying to explain it.
It allows an attacker to perform arbitrary operations on a Mac, hide malicious files from all monitoring tools, and expand the scope of the malware to attack the system’s kernel.
The irony is that SIP was designed as a security mechanism for macOS that stops potential malware from changing folders and files by preventing applications from gaining root access to the operating system.
Microsoft found that SIP could be bypassed by exploiting a special entitlement designed by Apple that grants unrestricted root access to the macOS Migration Assistant tool, which helps users transfer data from a Mac or Windows PC to another Mac.
As the Migration Assistant tool is usually only accessible during the setup process of a new user account, Microsoft altered the tool to run while the user was still logged in and without physical access to the Mac.
This alteration caused the app to crash, so the security researchers ran Setup Assistant in debug mode, which disregards the changes made to the Migration Assistant tool.