Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.

System Integrity Protection (SIP), or 'rootless,' is a macOS security feature that prevents malicious software from altering specific folders and files by limiting the root user account's powers in protected areas.

SIP allows only Apple-signed processes or those with special entitlements, such as Apple software updates, to modify macOS-protected components. Disabling SIP normally requires a system restart and booting from macOS Recovery (the built-in recovery system), which requires physical access to a compromised machine device.