New macOS Vulnerability Lets Attackers Bypass Apple’s System Integrity Protection

A macOS flaw, tracked as CVE-2024-44243, can allow attackers to bypass Apple’s System Integrity Protection (SIP), the “rootless” mechanism that stops even the root user from tampering with core system files and security controls. Because a SIP bypass can be turned into the ability to load third-party kernel extensions, the bug lets unauthorized code run at the highest privilege level on the machine, enabling rootkits, persistent malware, and the evasion of many macOS defenses.

Main Takeaways

Attackers who already hold root can abuse specially entitled system processes to circumvent SIP and execute arbitrary code with SIP’s restrictions lifted. The vulnerability was reported responsibly and fixed in the macOS updates Apple released on December 11, 2024 (macOS Sequoia 15.2); users and administrators should apply updates promptly and monitor for suspicious activity involving processes that carry special entitlements.

Researchers discovered that certain macOS daemons and entitlements, for example an entitlement held by a disk-management daemon that is inherited by the daemon’s child processes, could be abused to run binaries from a custom filesystem bundle, and from there load kernel extensions, without the usual SIP validations. An attacker who already has root on the machine, and can therefore drop a malicious filesystem bundle, can use these privileged processes to escalate from root to SIP-bypassing control, defeat integrity checks, and persist across reboots.

Technical summary

The core of the issue lies in how macOS handles specially entitled processes and filesystem bundles:

  • Some system daemons are given entitlements that let them perform otherwise restricted operations (mounting, repairing, probing filesystems).
  • If a malicious actor can place a crafted filesystem bundle in certain locations, those entitled daemons may invoke binaries from the bundle (via normal mount/repair flows) without enforcing the same SIP restrictions.
  • Because the invoked binaries inherit the daemon’s entitlement, they run with SIP’s restrictions lifted and can do what SIP normally blocks, such as loading kernel extensions or modifying protected system components.
  • The attack surface includes userland filesystem bundles installed under /Library/Filesystems (the root-writable counterpart of the SIP-protected /System/Library/Filesystems), and the interactions between disk arbitration/mounting services and storage-management daemons that spawn those bundles’ helper binaries.

In practice, the exploit path requires the ability to write to /Library/Filesystems (or an equivalent location), which on a default install means root, or an initial local privilege escalation that gets the attacker there, so that the malicious bundle can be dropped. That is exactly what makes the bug matter: SIP is designed to constrain even root, and once the bundle is in place the entitled system services can be made to run attacker code in a way that sidesteps SIP protections.
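To make the attack surface concrete, here is an added example (not code from the original article, from Apple, or from the CVE researchers) that inventories filesystem bundles and lists the helper executables each one asks the storage daemons to run. It assumes the layout of Apple’s own *.fs bundles: Contents/Info.plist holds an FSPersonalities dictionary whose entries name helpers such as FSRepairExecutable and FSMountExecutable, which are spawned during probe, mount and repair flows. The sample plist and the com.example.demofs bundle are constructed for the demonstration; the scan_directory function is the part you would run on a real Mac.

```python
"""
Added example: audit macOS filesystem bundles (*.fs) and report which helper
executables each bundle declares. Not from the original article, Apple, or
the CVE researchers. Key names follow the layout of Apple's own bundles
(assumption; verify against your fleet). SAMPLE_INFO_PLIST is constructed.
"""
import os
import plistlib

APPLE_FS_DIR = "/System/Library/Filesystems"   # SIP-protected, Apple-signed bundles
THIRD_PARTY_FS_DIR = "/Library/Filesystems"    # root-writable; the location abused here

# Personality keys whose values name executables a privileged daemon may spawn.
EXECUTABLE_KEYS = (
    "FSProbeExecutable", "FSMountExecutable", "FSRepairExecutable",
    "FSVerificationExecutable", "FSFormatExecutable",
)

# Constructed Info.plist for a hypothetical third-party bundle (demo only).
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.demofs</string>
  <key>FSPersonalities</key>
  <dict>
    <key>DemoFS</key>
    <dict>
      <key>FSRepairExecutable</key><string>fsck_demofs</string>
      <key>FSMountExecutable</key><string>mount_demofs</string>
    </dict>
  </dict>
</dict>
</plist>
"""


def declared_helpers(info_plist_bytes):
    """Return (personality, key, executable) for every helper the bundle declares."""
    info = plistlib.loads(info_plist_bytes)
    helpers = []
    for personality, props in info.get("FSPersonalities", {}).items():
        for key in EXECUTABLE_KEYS:
            if key in props:
                helpers.append((personality, key, props[key]))
    return helpers


def assess_bundle(bundle_path, info_plist_bytes):
    """Rate one bundle: 'ok' (Apple directory, or nothing to spawn), 'review'
    (third-party bundle that declares helpers), 'high' (a helper entry points
    outside the bundle)."""
    helpers = declared_helpers(info_plist_bytes)
    reasons = []
    for personality, key, exe in helpers:
        # Helpers are expected to be bare names resolved inside the bundle;
        # a slash or '..' steers the daemon to a binary the bundle does not own.
        if "/" in exe or exe.startswith(".."):
            reasons.append(f"{personality}/{key} names a path: {exe}")
    if reasons:
        risk = "high"
    elif bundle_path.startswith(APPLE_FS_DIR + "/"):
        risk = "ok"
    elif helpers:
        reasons.append("third-party bundle declares helpers that entitled daemons will spawn")
        risk = "review"
    else:
        risk = "ok"
    return {"bundle": bundle_path, "risk": risk, "helpers": helpers, "reasons": reasons}


def scan_directory(root):
    """Assess every *.fs bundle under root on a live Mac (empty list if root is absent)."""
    results = []
    if not os.path.isdir(root):
        return results
    for entry in sorted(os.listdir(root)):
        if not entry.endswith(".fs"):
            continue
        bundle = os.path.join(root, entry)
        try:
            with open(os.path.join(bundle, "Contents", "Info.plist"), "rb") as fh:
                results.append(assess_bundle(bundle, fh.read()))
        except (OSError, plistlib.InvalidFileException) as exc:
            results.append({"bundle": bundle, "risk": "unreadable",
                            "helpers": [], "reasons": [str(exc)]})
    return results


if __name__ == "__main__":
    # Live scan on macOS; on other systems both directories are simply absent.
    for report in scan_directory(APPLE_FS_DIR) + scan_directory(THIRD_PARTY_FS_DIR):
        print(f'{report["risk"]:10} {report["bundle"]}  {"; ".join(report["reasons"])}')
    # Constructed sample, so the logic can be exercised anywhere.
    print(assess_bundle("/Library/Filesystems/demofs.fs", SAMPLE_INFO_PLIST))
```

The useful output on a real fleet is the set of "review" entries: every third-party bundle whose helpers a privileged daemon will spawn should be a known, approved vendor product, and anything else is a candidate for the attack path above. A "high" rating means a personality entry points at a binary outside its own bundle, which no legitimate driver needs.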

SIP is a cornerstone of macOS security, designed to blunt many common escalation and persistence techniques. A reliable bypass means attackers can:

  • Install kernel extensions or rootkits that survive reboots.
  • Disable or tamper with endpoint protection and system telemetry.
  • Make forensic detection and remediation much harder by operating under the guise of legitimate system processes.

Even though exploitation needs an initial root-level foothold, chaining this bug with a local privilege escalation turns it into a powerful post-exploitation primitive: root access alone is normally contained by SIP, and this bug removes that containment.

Affected systems

The issue was addressed in the December 11, 2024 security updates. Systems that have not applied those updates remain at risk. Devices that run third-party filesystem drivers or tools from vendors that register filesystem bundles (for example, some disk utilities and file-system drivers) deserve extra attention, because their legitimate bundles sit in the same directory an attacker would target and make a malicious addition easier to overlook. Environments with unmanaged or BYOD Macs, or where users hold local admin rights and can therefore reach root, are the highest risk.

How to mitigate

First and foremost: apply the vendor patch. Beyond updating, organizations should:

  • Monitor processes with special entitlements for unusual child processes or unexpected invocations.
  • Alert on new or unexpected filesystem bundles placed in /Library/Filesystems (and on any change under /System/Library/Filesystems, which should never happen outside an Apple update).
  • Limit which third-party filesystem drivers are installed; remove unneeded vendor drivers and tools.
  • Use endpoint telemetry to detect unusual posix_spawn/mount/repair activity originating from storage-management daemons.
  • Enforce least privilege on endpoints so attackers cannot easily write to system locations.
  • Maintain up-to-date endpoint protection and EDR rules that look for anomalous behaviors rather than solely relying on file signatures.
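The monitoring items above can be expressed as a small detection over process and file events. What follows is an added example, not code from the original article, from Apple, or from the CVE researchers: it runs the checks against constructed Endpoint-Security-style JSON events (one object per line). The field names, the storagekitd executable path used in the snapshot lines, and the demofs.fs bundle are assumptions made for the demonstration; map them onto your EDR’s schema before using the logic.

```python
"""
Added example: flag the process lineage and file activity that matches the
SIP-bypass pattern discussed in the article. Not from the original page,
Apple, or the CVE researchers. SAMPLE_EVENTS is a constructed log, and the
event schema (event/pid/ppid/path) is an assumption standing in for your
EDR's real format.
"""
import json
import posixpath

# Daemons that hold entitlements letting them drive mount/repair/probe flows.
STORAGE_DAEMONS = {"storagekitd", "diskarbitrationd", "diskmanagementd"}
# Apple's own bundles live under SIP; third-party bundles are root-writable.
APPLE_FS_DIR = "/System/Library/Filesystems/"
THIRD_PARTY_FS_DIR = "/Library/Filesystems/"
# Tooling that loads kernel extensions; its appearance downstream of a
# bundle helper is the end state the article warns about.
KEXT_TOOLS = {"kextload", "kextutil", "kmutil"}

# Constructed sample events (not a real capture). "snapshot" lines describe
# processes already running when logging started.
SAMPLE_EVENTS = [
    '{"event":"snapshot","pid":120,"ppid":1,"path":"/usr/libexec/diskarbitrationd"}',
    '{"event":"snapshot","pid":300,"ppid":1,"path":"/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd"}',
    '{"event":"create","pid":4099,"path":"/Library/Filesystems/demofs.fs/Contents/Resources/fsck_demofs"}',
    '{"event":"exec","pid":4100,"ppid":501,"path":"/usr/sbin/diskutil"}',
    '{"event":"exec","pid":4102,"ppid":300,"path":"/Library/Filesystems/demofs.fs/Contents/Resources/fsck_demofs"}',
    '{"event":"exec","pid":4103,"ppid":4102,"path":"/usr/bin/kmutil"}',
    '{"event":"exec","pid":4104,"ppid":300,"path":"/System/Library/Filesystems/apfs.fs/Contents/Resources/fsck_apfs"}',
    '{"event":"exec","pid":4105,"ppid":1,"path":"/Library/Filesystems/demofs.fs/Contents/Resources/mount_demofs"}',
]


def lineage(pid, procs):
    """Executable paths of pid's ancestors, nearest first; stops at unknown pids."""
    out, seen = [], set()
    ppid = procs.get(pid, (None, None))[1]
    while ppid in procs and ppid not in seen:
        seen.add(ppid)
        path, ppid = procs[ppid]
        out.append(path)
    return out


def in_third_party_bundle(path):
    return path.startswith(THIRD_PARTY_FS_DIR)


def alert(severity, ev, reason):
    return {"severity": severity, "pid": ev["pid"], "path": ev["path"], "reason": reason}


def check_exec(ev, procs):
    """Apply the three exec-time rules to one event; returns a list of alerts."""
    path = ev["path"]
    ancestors = lineage(ev["pid"], procs)
    ancestor_names = {posixpath.basename(p) for p in ancestors}
    if in_third_party_bundle(path) and ancestor_names & STORAGE_DAEMONS:
        return [alert("high", ev, "entitled storage daemon spawned a helper from a third-party filesystem bundle")]
    if posixpath.basename(path) in KEXT_TOOLS and any(in_third_party_bundle(p) for p in ancestors):
        return [alert("high", ev, "kernel-extension tooling launched from a filesystem-bundle helper's lineage")]
    if in_third_party_bundle(path):
        return [alert("medium", ev, "third-party filesystem-bundle helper executed outside the normal daemon flow")]
    return []


def analyze(lines):
    """Replay JSON event lines in order and return the alerts they raise."""
    procs = {}  # pid -> (path, ppid), seeded by snapshots and extended by execs
    alerts = []
    for raw in lines:
        ev = json.loads(raw)
        kind = ev["event"]
        if kind in ("snapshot", "exec"):
            procs[ev["pid"]] = (ev["path"], ev["ppid"])
        if kind == "exec":
            alerts.extend(check_exec(ev, procs))
        elif kind in ("create", "write", "rename") and in_third_party_bundle(ev["path"]):
            alerts.append(alert("medium", ev, "new or modified content in a third-party filesystem bundle"))
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(f'{a["severity"]:6} pid={a["pid"]} {a["path"]}: {a["reason"]}')
```

Two design points are worth keeping when porting this to a real pipeline. First, the lineage walk is what distinguishes a vendor driver being repaired legitimately from the bypass: the same helper binary is benign when a user runs it and high-severity when an entitled daemon is its parent, so the rule keys on ancestry rather than on the binary alone. Second, the Apple bundle under /System/Library/Filesystems produces no alert on purpose; SIP already prevents writes there, so the third-party directory is where the signal lives.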

Verify deployment of the December 2024 patch across the fleet and prioritize any machines that host third-party filesystem drivers. Where available, enable enhanced monitoring (EDR, process-spawn visibility) and consider blocking or tightly controlling installers that add filesystem bundles.

Finally, because the technique abuses legitimate entitlements and system flows, defenders should treat unexpected activity from entitled daemons as high-risk and investigate promptly.
