
Possibly dangerous macOS flaw discovered by Microsoft

Microsoft has announced that it identified a critical flaw in Apple’s macOS that may have allowed attackers to circumvent the operating system’s security mechanisms and install malware on unprotected endpoints.

The flaw was reported to Apple, and the company quickly released a fix.

Microsoft’s experts found a technique to circumvent Gatekeeper in late July, according to a blog post explaining the results. Gatekeeper is a safety mechanism that checks the integrity of downloaded apps and requires them to be signed by the developer before they can be used.

Apple resolves the problem

Windows maker Microsoft has called the flaw “Achilles” because of Gatekeeper’s vital role in macOS security. In a coordinated vulnerability disclosure (CVD) process, Microsoft Security Vulnerability Research (MSVR) informed Apple of its discoveries, prompting the company to “immediately” issue a fix for all affected versions of macOS.

Apple’s website now identifies Achilles as CVE-2022-42821 and describes it as a “logic problem” fixed with better checks. According to the site, macOS Monterey 12.6.2, Big Sur 11.7.2, and Ventura 13 all include a fix for this problem.

Microsoft also says that Apple’s Lockdown Mode cannot completely eliminate the vulnerability, leaving the fix as the sole option. macOS Ventura introduced Lockdown Mode, a new security mode intended to protect high-risk users against zero-click remote code execution attacks. According to Microsoft, it offers no protection against the Achilles vulnerability.

Users are urged to apply the patch regardless of whether they are in Lockdown Mode.

Microsoft has said that while Gatekeeper is an important aspect of macOS security, it is not without its weaknesses. Fake applications appear to be a common means of entry into the Apple ecosystem, which indicates that methods for getting past Gatekeeper are an “attractive and even vital skill” for hackers.