macOS 'Migraine' Exploit Capable of Bypassing System Integrity Protection Detected by Microsoft

Microsoft identified the exploit in a macOS tool used to migrate data from a Windows PC to a Mac, or from one Mac to another.

Advertisement
Written by David Delima, Edited by Siddharth Suvarna | Updated: 31 May 2023 17:59 IST
Highlights
  • Microsoft detected a flaw that could allow modification of system files
  • System Integrity Protection was first introduced on macOS in 2015
  • Apple has patched the security vulnerability with macOS 13.4

Users who have updated to macOS 13.4 should be protected against the Migraine exploit

Photo Credit: Apple

Microsoft recently detected a security exploit that could allow attackers to bypass a core security feature on computers running on macOS. Dubbed "Migraine", the vulnerability can be used to sidestep Apple's System Integrity Protection (SIP) on macOS — a feature that protects parts of the operating system related to system integrity by restricting access to certain files — and install malware on a victim's computer. Microsoft warned Apple about the security flaw and the Cupertino company has patched the flaw with its latest security update.

According to details shared by Microsoft in a blog post, the "Migraine" security exploit relies on Migration Assistant, a tool provided by Apple to allow users to transfer files from one Mac to another or from a Windows PC to a Mac. The Migration Assistant app from Apple has unrestricted root access that allows it to perform its data transfer function, and security researchers at Microsoft leveraged the special 'entitlement' given to the tool, for the exploit.

Advertisement

After modifying the Migration Assistant to run without logging off a user, Microsoft was able to run the tool in debug mode to bypass a signature check. The company used a 1GB Time Machine backup with malicious software, using a script to cause Migration Assistant to import the backup and infect the host system. The entire process bypassed the System Integrity Protection feature that was first introduced on macOS in 2015.

Microsoft's modified Migration Assistant can function without signing out
Photo Credit: Microsoft

Advertisement

 

It is worth noting that the Migration Assistant is typically available during user setup, which means that an attacker would need to have local access to a machine. Microsoft says that the arbitrary system bypasses like Migraine could create files that are protected by SIP, the same mechanism that it bypasses, making deletion very difficult. Attackers can also run arbitrary kernel code and tamper with the system to enable rootkits. Microsoft adds that these exploits can also be used to gain access to private data as well as computer accessories and devices.

Advertisement

Users who have updated their computers to macOS 13.4 after it was rolled out on May 18 should be safe from the exploit, which has been patched by Apple. Microsoft disclosed the security flaw to Apple, allowing the firm to roll out a fix for the issue. Meanwhile, the company has thanked Microsoft's Jonathan Bar Or, Anurag Bohra, and Michael Pearse for identifying the exploit.


Google I/O 2023 saw the search giant repeatedly tell us that it cares about AI, alongside the launch of its first foldable phone and Pixel-branded tablet. This year, the company is going to supercharge its apps, services, and Android operating system with AI technology. We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Redmi Note 17 Pro Launched With Snapdragon 6s Gen 4 and 9,000mAh Battery
  2. StepFun Unveils StepX Neo as World's First Agentic Smartphone
  3. Huawei Pura 90s Pro Series Debuts With Kirin 9030S Chip, 6,000mAh Batteries
  4. Redmi Note 17 With an 8,000mAh Battery Debuts at This Price
  5. OnePlus Is Reportedly Preparing to Withdraw From These Two Markets
  6. Google Pixel 11 Series Gets Listed on the US FCC Database Ahead of Its Debut
  7. Nvidia's GeForce Now Cloud Gaming Service Is Finally Available in India
  8. HMD Asha 505 Render Leaked Revealing Lumia 830-Like Design
  9. Realme C100x India Launch Date Announced; Here's How Much It Might Cost
  10. iQOO 16, Neo 12 and Z12 Turbo May Debut With These Big Battery Upgrades
  1. Huawei Pura 90s Pro, Pura 90s Pro Max Launched With Kirin 9030S Chip, 6,000mAh Batteries: Price, Features
  2. Redmi Note 17 Launched With 8,000mAh Battery, 50-Megapixel Rear Camera: Price, Specifications
  3. UK Tokenisation Drive May Boost Annual Output by $44 Billion: Report
  4. Redmi Note 17 Pro Launched With Snapdragon 6s Gen 4 and 9,000mAh Battery: Price, Features
  5. Japan’s SBI VC Trade Expands Stablecoin Services With 3 Percent Lending Yield
  6. Meta Pulls Muse AI Image Feature Less Than a Week After User Backlash Highlights Privacy Risks
  7. HMD Asha 505 Surfaces Online With Lumia-Inspired Design, 5-Inch Display in New Leaked Renders
  8. Honor Robot Phone Leak Reveals Key Specifications Ahead of Long-Awaited Debut
  9. Acer Aspire 3 (2026) Launched in India With Up to 15.6-Inch Display, Intel Celeron N4500 Processor: Price, Features
  10. Realme C100x India Launch Date Announced; Leaked Image of Retail Box Hints at Price in India
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.