5 comments

[ 0.25 ms ] story [ 20.6 ms ] thread
brilliant marketing
maybe but it is also a damn interesting article with great technical depth.
> Assuming an attacker first gains code execution capabilities as root, setting environment variables that affect systemmigrationd and its child processes is straightforward using the launchctl utility

> Assuming an attacker first gains code execution capabilities as root

I am a cybersecurity noob but, while the impact of this attack is high this is the eye of the needle that the attack must pass through?

I get that there are attacks that can get you root on MacOS (e.g. Dirty Cow or Mickey Jin's attacks) but what does this attack say about wider potential for disabling SIP?

It's really a marketing article about the AI capabilities of Microsoft Defender, yeah?

See the “Implications of arbitrary SIP bypasses” section in the article.
I reread the section and I don’t find it answers my question.

I am asking for a general evaluation of the article from someone with more knowledge.