Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

This critical exploit could let hackers bypass your Mac’s defenses

Microsoft has discovered a critical exploit in macOS that could grant hackers easy access to your Mac’s most important data. Dubbed ‘Migraine,’ it shows why it’s vital to update your Mac as soon as possible.

Migraine is so damaging because it can bypass Apple’s System Integrity Protection, or SIP for short. SIP is enabled by default on modern Macs and works by sandboxing sensitive parts of the computer from outside meddling. Only processes that are signed by Apple (or those with special privileges, like Apple installers) are allowed to alter something guarded by SIP.

A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.
Sora Shimazaki / Pexels

If a piece of malware can simply sneak past SIP, though, it can do untold damage — and that’s just what Migraine is capable of.

Ordinarily, the only way to disable SIP is to restart your Mac in Recovery mode, enter a specific command into the Terminal, then restart again. That means you need to be present in front of the computer in question, which on the surface should make exploits like Migraine untenable.

However, Migraine doesn’t actually require physical access to the target device, meaning a hacker could activate it remotely and gain unauthorized admission to the most sensitive parts of your Mac.

Instead, Migraine abuses macOS’ built-in Migration Assistant utility, which contains SIP-bypassing capabilities. Microsoft’s researchers found that a person can automate the utility’s migration process with AppleScript, add a malicious payload to the SIP exclusions list, then launch it on the target Mac. All of this could be done without restarting the computer or booting from macOS Recovery mode.

Update your Mac now

Window's new Microsoft Security Experts program works to protect users from cybercrime using.

Getting past the protections offered up by SIP gives malware writers significant powers to harm your Mac. They could bypass Apple’s Transparency, Consent, and Control (TCC) policies, for example, which would grant them access to your private data. Or they could craft SIP-protected malware that can’t be deleted using normal methods.

That all makes this vulnerability a very high priority to get fixed. Fortunately, Apple and Microsoft have been working hand in hand to do just that. Microsoft alerted Apple as soon as it discovered the vulnerability, and Apple was able to quickly roll out a fix in various updates: macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, all of which were released on May 18.

It’s not the first time that an exploit has been found that can access extremely important data on your Mac. If anything, Migraine illustrates exactly why you should always keep your Mac up to date and install security fixes as soon as they become available. Doing that should help you stay on top of headache-inducing threats like Migraine.

Editors' Recommendations

Alex Blake
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
Update your Apple devices now to fix these dangerous exploits
A person using a laptop with a set of code seen on the display.

If you’re an Apple user -- whether you have a Mac, an iPhone, an iPad, or an Apple Watch -- you need to update your devices as soon as possible. That’s because Apple has discovered three actively exploited vulnerabilities that could cause your devices serious harm, and the patches are already out to fix them.

One of the bugs was found in Apple’s Security framework and would allow a malicious app to completely bypass a device’s signature validation. Another bug concerns the WebKit browser engine and could grant a threat actor the ability to run arbitrary code when a victim views a certain web page.

Read more
This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram
A dark mystery hand typing on a laptop computer at night.

A massive security bug has just been discovered that affects WebP images used in untold numbers of websites and apps, and it could potentially let hackers break into your computer and extract data from it. In fact, Google has already seen it being actively exploited in the wild. Because of that, it’s essential that you patch your computer as soon as possible.

The discovery has been detailed by researcher Alex Ivanovs, who wrote about the bug in a blog post. Right now, it seems to affect almost all of the best web browsers, including Chrome, Firefox, Edge, and Brave. WebP images are used all over the web, meaning huge numbers of sites and apps could be affected.

Read more
This dangerous new Mac malware steals your credit card info
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

People like to think that Apple’s Macs are more or less invulnerable to the assorted viruses and trojans that afflict Windows PCs, but that’s far from the truth. That’s just been aptly demonstrated by the emergence of a new malware strain that attempts to steal all of your passwords, credit card data, and more.

The discovery was made by security firm SentinelOne, which named the malware MetaStealer. According to SentinelOne, MetaStealer has the potential to trick you into giving away vital information that could cause a huge amount of damage, and it has a nefarious way of getting what it wants.

Read more