System Integrity Protection

E263158

System Integrity Protection is a macOS security technology that restricts even administrative users and processes from modifying critical system files and resources to protect the operating system from malware and accidental damage.

Statements (49)

| Predicate | Object |
|---|---|
| instanceOf | macOS security feature |
| | operating system protection mechanism |
| affects | third-party software that expects write access to system locations |
| allows | Apple-signed installers with proper entitlements to modify protected content |
| | software updates by Apple to modify protected areas |
| alsoKnownAs | SIP |
| appliesTo | even administrative users |
| | processes running as root |
| canBeDisabled | true |
| category | computer security |
| | macOS internals |
| configurableFrom | macOS Recovery environment |
| configurationTool | csrutil |
| defaultState | enabled |
| designedToBlock | persistence mechanisms used by some malware |
| | root-level tampering with system files |
| developedBy | Apple Inc. |
| disablingRequires | administrative privileges |
| | booting into Recovery OS |
| documentationURL | https://support.apple.com/en-us/HT204899 |
| effect | reduces attack surface for privilege escalation exploits |
| enforcementLevel | kernel level |
| | low-level system security |
| implementedIn | Darwin-based macOS kernel |
| introducedInVersion | OS X El Capitan |
| introducedInVersionNumber | 10.11 |
| introducedInYear | 2015 |
| operatingSystem | macOS |
| platform | Mac |
| primaryGoal | mitigate malware impact |
| | prevent accidental system damage |
| | protect system files and resources from modification |
| protectsComponent | pre-installed Apple system applications |
| | system binaries |
| | system-owned processes |
| protectsDirectory | /System |
| | /bin |
| | /sbin |
| | /usr (excluding /usr/local) |
| | /var (certain paths) |
| relatedConcept | rootless security model |
| relatedTo | Gatekeeper |
| | XProtect |
| | macOS sandboxing |
| restricts | injection of code into protected system processes |
| | loading of unsigned kernel extensions by default |
| | modification of certain system directories |
| | modification of protected system files |
| scope | system-level files and processes, not user home directories |

Referenced by (4)

Full triples — surface form annotated when it differs from this entity's canonical label.

Mac hasSecurityFeature System Integrity Protection
Apple operating systems securityFeature System Integrity Protection
this entity surface form: System Integrity Protection (macOS)
macOS Big Sur securityFeature System Integrity Protection
macOS Sequoia supportsSecurityFeature System Integrity Protection