Apple fixes a bug that allowed malicious apps to bypass the security measures in macOS

Microsoft claims it found a flaw in Gatekeeper, a critical security element in macOS, that may have been used by malicious actors to hack unprotected Macs and instal malware.

The vulnerability, identified as CVE-2022-42821, was discovered and named by Microsoft chief security researcher Jonathan Bar Or. Bar Or said that malicious software may bypass Gatekeeper’s defences on macOS due to the flaw.

Gatekeeper is a security feature in macOS that was first released in 2012. Its purpose is to ensure that only authorised programmes may launch. For programmes downloaded from the internet, it checks that they come from “notarized” developers whose apps Apple has verified to be free of dangerous material.

In a blog post, Microsoft’s Bar Or explained that the “quarantine” attribute, which is attached to programmes and files downloaded through a web browser, is what triggers Gatekeeper’s checks. The Achilles flaw prevents web browsers from correctly setting that quarantine attribute: it abuses a file permissions model called Access Control Lists (ACLs) to assign excessively restrictive rights to a downloaded file, so the attribute is never written.

Using this flaw, an attacker might deceive a macOS user into downloading and opening a malicious file without activating Gatekeeper’s security defences.
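The two conditions described above, a missing quarantine tag and an ACL that stops the tag from being written, are both visible on disk, so a responder can check a downloaded file for them directly. The script below is an added example for this article and is not code from Microsoft, Apple or the author. It parses the text output of `xattr -p com.apple.quarantine` and `ls -le` on macOS (the ACL permission name `writeextattr` is the real macOS right that governs writing extended attributes); the sample outputs at the bottom are constructed, and `triage_path()` is the only part that runs the real commands.

```python
"""Defender-side triage of downloaded files on macOS.

Added example, not code from the article or from Microsoft/Apple. Checks
(1) whether a file carries the com.apple.quarantine extended attribute that
Gatekeeper keys on, and (2) whether an ACL on the file denies writing
extended attributes, which would stop a browser from applying that tag.
The parsers work on the text formats of `xattr -p` and `ls -le` so they can
be exercised offline with constructed output; triage_path() wires them to
the real commands on a Mac.
"""
import re
import subprocess
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

QUARANTINE_XATTR = "com.apple.quarantine"
# macOS ACL permission that governs writing extended attributes; a deny
# entry for it prevents the quarantine tag from being set on the file.
XATTR_WRITE_RIGHT = "writeextattr"

# One ACL line of `ls -le` output, e.g. " 0: group:everyone deny writeextattr"
ACL_LINE_RE = re.compile(
    r"^\s*(?P<index>\d+):\s+(?P<principal>\S+)\s+(?P<kind>allow|deny)\s+(?P<rights>\S+)"
)


@dataclass(frozen=True)
class AclEntry:
    principal: str        # e.g. "group:everyone" or "user:alice"
    kind: str             # "allow" or "deny"
    rights: frozenset     # e.g. {"write", "writeextattr"}


@dataclass(frozen=True)
class QuarantineInfo:
    flags: int
    timestamp: datetime
    agent: str            # application that downloaded the file
    uuid: str


def parse_acl(ls_le_output: str) -> list:
    """Extract ACL entries from `ls -le` output; non-ACL lines are ignored."""
    entries = []
    for line in ls_le_output.splitlines():
        m = ACL_LINE_RE.match(line)
        if m:
            entries.append(AclEntry(
                principal=m.group("principal"),
                kind=m.group("kind"),
                rights=frozenset(m.group("rights").split(",")),
            ))
    return entries


def acl_blocks_quarantine(entries) -> bool:
    """True if any deny entry withholds the right to write extended attributes."""
    return any(e.kind == "deny" and XATTR_WRITE_RIGHT in e.rights for e in entries)


def parse_quarantine(value: Optional[str]) -> Optional[QuarantineInfo]:
    """Parse the `flags;hex-timestamp;agent;uuid` form of the quarantine attribute."""
    if not value:
        return None
    parts = value.strip().split(";")
    if len(parts) < 4:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags, ts_hex, agent, uuid = parts[:4]
    return QuarantineInfo(
        flags=int(flags, 16),
        timestamp=datetime.fromtimestamp(int(ts_hex, 16), tz=timezone.utc),
        agent=agent,
        uuid=uuid,
    )


def triage(quarantine_value: Optional[str], ls_le_output: str) -> dict:
    """Combine both checks into a verdict a responder can act on."""
    q = parse_quarantine(quarantine_value)
    blocked = acl_blocks_quarantine(parse_acl(ls_le_output))
    findings = []
    if q is None:
        findings.append("no quarantine attribute: Gatekeeper will not inspect this file")
    if blocked:
        findings.append("ACL denies writeextattr: quarantine tag could not be applied")
    return {
        "quarantined": q is not None,
        "download_agent": q.agent if q else None,
        "acl_blocks_quarantine": blocked,
        "suspicious": q is None or blocked,
        "findings": findings,
    }


def triage_path(path: str) -> dict:
    """Run the real commands on a macOS host (not exercised offline)."""
    x = subprocess.run(["xattr", "-p", QUARANTINE_XATTR, path],
                       capture_output=True, text=True)
    ls = subprocess.run(["ls", "-le", path], capture_output=True, text=True, check=True)
    return triage(x.stdout if x.returncode == 0 else None, ls.stdout)


# Constructed sample output, not captured from a real system or incident.
CLEAN_LS = "-rw-r--r--  1 alice  staff  4096 Dec 19 10:12 report.pdf\n"
CLEAN_QUARANTINE = "0083;63a0f1a2;Safari;7B1C9E2A-0000-4000-8000-000000000001"
ODD_LS = ("-rw-r--r--+ 1 alice  staff  4096 Dec 19 10:12 installer.dmg\n"
          " 0: group:everyone deny writeextattr\n")

if __name__ == "__main__":
    for name, q, ls in [("report.pdf", CLEAN_QUARANTINE, CLEAN_LS),
                        ("installer.dmg", None, ODD_LS)]:
        print(name, triage(q, ls))
```

On the constructed samples, `report.pdf` comes back clean (quarantined by Safari, no ACL) while `installer.dmg` is flagged twice: no quarantine attribute and a deny entry for `writeextattr`. Either finding on its own is worth a look, since a legitimate browser download normally carries the attribute and no such deny rule.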

Microsoft discovered the Achilles flaw in July, but it was not patched until last week, when Apple acknowledged it.

However, according to Bar Or, Apple’s Lockdown Mode, a new optional feature introduced this year to help high-risk users block some of the more sophisticated cyberattacks, would not protect against the Achilles vulnerability, because it is designed to prevent “zero-click” attacks, which are launched without any user input, whereas Achilles relies on the user opening a file. Whatever their Lockdown Mode settings, Bar Or advises that everyone install the patch immediately.

Achilles is only the latest of several Gatekeeper bypasses discovered in recent years. Threat actors behind the infamous Shlayer malware were able to circumvent Apple’s Gatekeeper and notarization checks before Apple patched that zero-day vulnerability in macOS in April 2021.