{"id":203770,"date":"2025-01-15T04:08:05","date_gmt":"2025-01-15T10:08:05","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/01\/microsoft-uncovers-macos-vulnerability-cve-2024-44243-allowing-rootkit-installation"},"modified":"2025-01-15T04:08:05","modified_gmt":"2025-01-15T10:08:05","slug":"microsoft-uncovers-macos-vulnerability-cve-2024-44243-allowing-rootkit-installation","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/01\/microsoft-uncovers-macos-vulnerability-cve-2024-44243-allowing-rootkit-installation","title":{"rendered":"Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation"},"content":{"rendered":"<p><a class=\"blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/microsoft-uncovers-macos-vulnerability-cve-2024-44243-allowing-rootkit-installation2.jpg\"><\/a><\/p>\n<p>Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as \u201croot\u201d to bypass the operating system\u2019s System Integrity Protection (<a href=\"https:\/\/developer.apple.com\/documentation\/security\/disabling_and_enabling_system_integrity_protection\" rel=\"noopener\" target=\"_blank\">SIP<\/a>) and install malicious kernel drivers by loading third-party kernel extensions.<\/p>\n<p>The vulnerability in question is <strong><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-44243\" rel=\"noopener\" target=\"_blank\">CVE-2024-44243<\/a><\/strong> (CVSS score: 5.5), a medium-severity bug that was addressed by Apple as part of <a href=\"https:\/\/support.apple.com\/en-us\/121839\" rel=\"noopener\" target=\"_blank\">macOS Sequoia 15.2<\/a> released last month. 
The iPhone maker described it as a \u201cconfiguration issue\u201d that could permit a malicious app to modify protected parts of the file system.<\/p>\n<p>\u201cBypassing SIP could lead to serious consequences, such as increasing the potential for attackers and malware authors to successfully install rootkits, create persistent malware, bypass Transparency, Consent and Control (TCC), and expand the attack surface for additional techniques and exploits,\u201d Jonathan Bar Or of the Microsoft Threat Intelligence team <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/01\/13\/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions\/\" rel=\"noopener\" target=\"_blank\">said<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as \u201croot\u201d to bypass the operating system\u2019s System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. 
The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1512],"tags":[],"class_list":["post-203770","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-mobile-phones"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/203770","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=203770"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/203770\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=203770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=203770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=203770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}