System Integrity Protection Inexplicably Disabled by Default on Some New MacBook Pro Models
Since OS X El Capitan, the operating system that runs on Macs has been protected by a feature called System Integrity Protection (SIP), which is designed to keep your Mac safe from malware by restricting the permissions of the root user account and preventing unauthorized access to protected files and folders.
System Integrity Protection runs behind the scenes and is generally enabled by default in Macs running OS X El Capitan or later, but it seems the feature is inexplicably turned off on some new MacBook Pro models, leaving them vulnerable.
Developer Jonathan Wight noticed System Integrity Protection was disabled on some machines and tweeted about it this morning, prompting developer Steven Troughton-Smith to do an informal Twitter survey asking users about the status of their new machines.
Consensus seems to be that some (but not all) Touch Bar models are shipping with SIP disabled. No reports of a non-Touch Bar/Escape doing so — Steve T-S (@stroughtonsmith) November 17, 2016
System Integrity Protection is indeed disabled out of the box on a number of 13 and 15-inch MacBook Pro models, including one machine owned by MacRumors. Not all MacBook Pro models are affected, however, as there are users who are reporting that System Integrity Protection is turned on as expected.
As outlined in Apple's developer documentation, users can check whether SIP is turned on by entering the "csrutil status" command in Terminal. Enabling SIP requires booting into Recovery mode, turning it on using Terminal, and rebooting.
Apple is aware of the issue and will undoubtedly deliver a fix for the issue in an update, but timing for a release is unknown.