Ventura docs for M2 Macs in this comment: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd?permalink_comment_id=4555340#gistcomment-4555340
Old Monterey docs in this old revision: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd/32c410e3a1de73539c76fa13ea5486569c4e0c5d
Solution for Sonoma: https://gist.github.com/sghiassy/a3927405cf4ffe81242f4ecb01c382ac
TL;DR The below is off topic, which I still find relevant in connection with the previous post, but you might want to skip it if you came here for MDM bypass
* SIP interventions have been there for a long time, obviously before 'Cryptexes' recently appeared in Ventura, which are in fact privileged DMG mounts 'stitched' using firm-links, without the restrictions of castrated "synthetic" mounts available to a mere mortal
And it's always been possible, or at least for a long while, for the whole Safari thing to be upgradable without an OS reboot. That obviously covers the app itself, as well as up to a dozen of its daemons / public and private frameworks / supporting files / you name it.
It all resides in
/Library/Apple/System/
on the Data volume. Looks like the same is now applicable to the potentially error-prone components previously seen as part of the System volume, by just plugging in another DMG, stitching it with the system, with (allegedly) less buggy stuff.
** Unfortunately, there are now more justified reasons to disable SIP; one of the disappointments comes, e.g., when one tries to disable system daemons and sees most of them risen up from hell again (agents as well, by the way).
Good to mention that this is only in Full Security mode and is not forced in Reduced Security. But Reduced Security kills Apple Pay. Still not enough for a full-scale drama, as it's not in fact an iPhone, for it to honour Apple Pay that seriously. Anyway, I find this frustrating enough, but pretty logical from the security perspective to control the environment which is crucial for achieving a "proper" security level (as per Apple's treatment of what the proper security level should be).
Along with the security-related daemons, dozens of services which are absolutely not crucial for security (at first glance) are up as well. Funny that it's also additional attack surface, with impacts ranging from relatively innocent to pretty severe.
But, IMO, having all this up and running, in combination with the trusted boot chain, plus what's now called the Sealed System Volume, allows Apple to fully take over the security of macOS, without the interference coming from false-positive security reporting and other noise caused by hacky users (who apparently suffered being hacked by ones who happened to be slightly hackier, thanks to the first cohort's lifting the security measures).