New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

System Integrity Protection Inexplicably Disabled by Default on Some New MacBook Pro Models

Since OS X El Capitan, the operating system that runs on Macs has been protected by a feature called System Integrity Protection (SIP), which is designed to keep your Mac safe from malware by restricting the permissions of the root user account and preventing unauthorized access to protected files and folders.

System Integrity Protection runs behind the scenes and is generally enabled by default in Macs running OS X El Capitan or later, but it seems the feature is inexplicably turned off on some new MacBook Pro models, leaving them vulnerable.

macbook_pro_sip_off
Developer Jonathan Wight noticed System Integrity Protection was disabled on some machines and tweeted about it this morning, prompting developer Steven Troughton-Smith to do an informal Twitter survey asking users about the status of their new machines.


System Integrity Protection is indeed disabled out of the box on a number of 13 and 15-inch MacBook Pro models, including one machine owned by MacRumors. Not all MacBook Pro models are affected, however, as there are users who are reporting that System Integrity Protection is turned on as expected.

As outlined in Apple's developer documentation, users can check whether SIP is turned on by entering the "csrutil status" command in Terminal. Enabling SIP requires booting into Recovery mode, turning it on using Terminal, and rebooting.

Apple is aware of the issue and will undoubtedly deliver a fix for the issue in an update, but timing for a release is unknown.

Related Roundup: MacBook Pro
Buyer's Guide: MacBook Pro (Neutral)


Top Rated Comments

(View all)

18 weeks ago
Their quality control is getting ridiculous now.
Rating: 41 Votes
18 weeks ago
Next year announcement: we have done it with courage! Apple antivirus, only 99.99 in the app store! XD
Rating: 12 Votes
18 weeks ago
Yay for quality control.

It's like a car manufacturer releasing a car with no brake pads.

But those emojis, am I right?

I think Tim would fire someone if an emoji was missing. But this will get a patch in a month or two.
Rating: 10 Votes
18 weeks ago
Courage mode activated
Rating: 9 Votes
18 weeks ago

Mine is off, but I did that by myself cause I hate to not have control of my system.


So do the hackers who just pwned you.
Rating: 9 Votes
18 weeks ago
The NSA forgot to turn it back on after they made some minor adjustments while it was waiting to "clear" customs...
Rating: 8 Votes
18 weeks ago
Mine is off, but I did that by myself cause I hate to not have control of my system.
Rating: 5 Votes
18 weeks ago
SIP is an annoying 'feature' at best - especially if you do a lot of partition creation, deployment and EFI work.

We managed to not destroy the root file system for over a decade of macOS but now people flip out at the idea of SIP being turned off.
Rating: 4 Votes
18 weeks ago

Yay for quality control.

It's like a car manufacturer releasing a car with no brake pads.

But those emojis, am I right?

I think Tim would fire someone if an emoji was missing. But this will get a patch in a month or two.


Bold: That's a bad analogy, you won't die if SIP is off, you could die if you don't have brakes.

Terrible news after terrible news non-stop for this product, glad I'm not shelling out nearly 3 grand on a half-baked disaster for somewhat decent specs... :p


This isn't so bad, we used OS X without sip for more than a decade, we can live without it for another decade.
Rating: 4 Votes
18 weeks ago

As I thought about it again...wouldn't this be okay as long as you know what you're downloading and installing? or is there more to that then installing 3rd party (non-registered) programs?


If you use your brain you won't need SIP at all, I survived 15 years on OS X without any problems.

SIP is the first real line of defense against hostile code. There are all kinds of bypasses for code signing, but when you disable SIP, you are leaving your system wide open to be rooted. It's crazy to leave it off on any system you live on.


It's by no means as bad as you say it is, there is malware for MacOS (X) but believe me it is very rare to get infected.
Rating: 4 Votes

[ Read All Comments ]