Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

This critical exploit could let hackers bypass your Mac’s defenses

Microsoft has discovered a critical exploit in macOS that could grant hackers easy access to your Mac’s most important data. Dubbed ‘Migraine,’ it shows why it’s vital to update your Mac as soon as possible.

Migraine is so damaging because it can bypass Apple’s System Integrity Protection, or SIP for short. SIP is enabled by default on modern Macs and works by sandboxing sensitive parts of the computer from outside meddling. Only processes that are signed by Apple (or those with special privileges, like Apple installers) are allowed to alter something guarded by SIP.

A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.
Sora Shimazaki / Pexels

If a piece of malware can simply sneak past SIP, though, it can do untold damage — and that’s just what Migraine is capable of.

Recommended Videos

Ordinarily, the only way to disable SIP is to restart your Mac in Recovery mode, enter a specific command into the Terminal, then restart again. That means you need to be present in front of the computer in question, which on the surface should make exploits like Migraine untenable.

Please enable Javascript to view this content

However, Migraine doesn’t actually require physical access to the target device, meaning a hacker could activate it remotely and gain unauthorized admission to the most sensitive parts of your Mac.

Instead, Migraine abuses macOS’ built-in Migration Assistant utility, which contains SIP-bypassing capabilities. Microsoft’s researchers found that a person can automate the utility’s migration process with AppleScript, add a malicious payload to the SIP exclusions list, then launch it on the target Mac. All of this could be done without restarting the computer or booting from macOS Recovery mode.

Update your Mac now

Window's new Microsoft Security Experts program works to protect users from cybercrime using.
Windows

Getting past the protections offered up by SIP gives malware writers significant powers to harm your Mac. They could bypass Apple’s Transparency, Consent, and Control (TCC) policies, for example, which would grant them access to your private data. Or they could craft SIP-protected malware that can’t be deleted using normal methods.

That all makes this vulnerability a very high priority to get fixed. Fortunately, Apple and Microsoft have been working hand in hand to do just that. Microsoft alerted Apple as soon as it discovered the vulnerability, and Apple was able to quickly roll out a fix in various updates: macOS Ventura 13.4, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, all of which were released on May 18.

It’s not the first time that an exploit has been found that can access extremely important data on your Mac. If anything, Migraine illustrates exactly why you should always keep your Mac up to date and install security fixes as soon as they become available. Doing that should help you stay on top of headache-inducing threats like Migraine.

Alex Blake
Alex Blake has been working with Digital Trends since 2019, where he spends most of his time writing about Mac computers…
As a recent Mac convert, here’s what has surprised me most
Apple MacBook Pro 16 front view showing display and keyboard.

When I transitioned to all-Apple computing, I knew there would be challenges. I assumed there would be many days and weeks of awkwardness before I truly felt at home on my Mac (and iPad, iPhone, and Apple Watch).

That's why it surprised me when I discovered how smooth much of the transition actually was. Here's everything I learned along the way, along with some tips on how I made it as seamless as possible.
Retraining my muscle memory
Both Windows and macOS have various features and functionality that aren't exactly hidden, but aren't entirely intuitive, either. Things like keyboard shortcuts, settings, windows management, and more build up over time. They get burned into our muscle memory, both physically and mentally. Switching to a new platform requires unlearning the old and learning the new.

Read more
I love Macs. But here are 5 reasons I keep coming back to Windows
Windows 11 set up on a computer.

Thanks to the massive success of Apple Silicon, Macs have become increasingly tempting. Plenty of folks are heading back to the Mac for the first time in years, and in doing so, making the dramatic switch from Windows 11 to macOS.

When it comes to these operating systems, though, they're not equal across the board. And in the end, here are the five things that keep me coming back to Windows 11.
Device support

Read more
Update your Apple devices now to fix these dangerous exploits
A person using a laptop with a set of code seen on the display.

If you’re an Apple user -- whether you have a Mac, an iPhone, an iPad, or an Apple Watch -- you need to update your devices as soon as possible. That’s because Apple has discovered three actively exploited vulnerabilities that could cause your devices serious harm, and the patches are already out to fix them.

One of the bugs was found in Apple’s Security framework and would allow a malicious app to completely bypass a device’s signature validation. Another bug concerns the WebKit browser engine and could grant a threat actor the ability to run arbitrary code when a victim views a certain web page.

Read more