Microsoft says a vulnerability it found in a core macOS security feature, Gatekeeper, could have allowed attackers to compromise vulnerable Macs with malware.
The flaw, tracked as CVE-2022-42821, was first discovered by Microsoft principal security researcher Jonathan Bar Or and dubbed the “Achilles” vulnerability. Bar Or said the bug could allow malware to bypass Gatekeeper’s protections on macOS.
First introduced in 2012, Gatekeeper is a security feature designed to allow only trusted software to run on macOS. The feature automatically verifies that apps downloaded from the internet come from identified developers and have been “notarized” by Apple, which scans submitted apps for known malicious content before issuing the notarization.
Microsoft’s Bar Or explained in a blog post that macOS adds a “quarantine” attribute (the com.apple.quarantine extended attribute) to apps and files downloaded by a web browser, and that attribute is what instructs Gatekeeper to check the file before it can be opened. The Achilles vulnerability abuses a file permissions model called Access Control Lists (ACLs) to place extremely restrictive permissions on a downloaded file, which prevents web browsers from setting the quarantine attribute at all. Without the attribute, Gatekeeper is never asked to inspect the file.
By exploiting the bug, an attacker could trick a user into downloading and opening a malicious file on macOS without triggering Gatekeeper’s security protections.
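The condition described above leaves a visible trace on disk: a file in a download location that carries an ACL denying the `writeextattr` right (the right that governs writing extended attributes such as `com.apple.quarantine`) but has no quarantine attribute. The following is an added triage example written for this page; it is not Microsoft’s proof of concept and not code from the article. It parses `ls -le` output, which on macOS prints each entry’s ACL on the lines following it, and reports entries that match that pattern. The function names, the `ls -le` sample and the xattr lists are constructed for illustration, and the exact deny list in the sample is illustrative; the one right the check relies on is `writeextattr`.

```python
"""Triage check for downloaded files whose ACL blocked the quarantine attribute.

Added example for this page (not Microsoft's PoC). Parses macOS `ls -le` output,
where an entry's ACL follows it as lines of the form " 0: group:everyone deny ...",
and flags entries that deny `writeextattr` while lacking com.apple.quarantine.
"""
import re
import subprocess
import sys
from dataclasses import dataclass, field

QUARANTINE_XATTR = "com.apple.quarantine"  # flag that tells Gatekeeper to inspect a file
BLOCKING_RIGHT = "writeextattr"            # ACL right that, when denied, stops that flag being written

# One directory entry from `ls -le`: mode (optionally suffixed with @ or +), links,
# owner, group, size, month, day, time-or-year, name.
ENTRY_RE = re.compile(
    r"^[-dlbcps][rwxsStT-]{9}[@+]?\s+\d+\s+\S+\s+\S+\s+\d+\s+"
    r"[A-Z][a-z]{2}\s+\d{1,2}\s+[\d:]+\s+(?P<name>.+)$"
)
# An ACL line attached to the preceding entry; trailing flags (e.g. "inherited") are ignored.
ACL_RE = re.compile(r"^\s*\d+:\s+(?P<principal>\S+)\s+(?P<kind>allow|deny)\s+(?P<rights>\S+)")


@dataclass
class Entry:
    name: str
    denied_rights: set = field(default_factory=set)


def parse_ls_le(text: str) -> list:
    """Parse `ls -le` output into entries, collecting the rights each entry's ACL denies."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group("name")))
            continue
        a = ACL_RE.match(line)
        if a and entries and a.group("kind") == "deny":
            entries[-1].denied_rights.update(a.group("rights").split(","))
    return entries


def find_suspects(ls_le_output: str, xattrs_by_name: dict) -> list:
    """Names of entries whose ACL denies writeextattr and which carry no quarantine flag.

    A deny on writeextattr is what stops the downloading application from writing
    com.apple.quarantine, so such a file reached disk without Gatekeeper's usual gate.
    A file that has the flag anyway is not reported: the write evidently succeeded.
    """
    suspects = []
    for entry in parse_ls_le(ls_le_output):
        quarantined = QUARANTINE_XATTR in xattrs_by_name.get(entry.name, ())
        if BLOCKING_RIGHT in entry.denied_rights and not quarantined:
            suspects.append(entry.name)
    return suspects


def scan_directory(path: str) -> list:
    """Run the check against a live directory (macOS only: needs `ls -le` and `xattr`)."""
    if sys.platform != "darwin":
        raise RuntimeError("scan_directory needs the macOS tools ls -le and xattr")
    listing = subprocess.run(["ls", "-le", path], capture_output=True, text=True, check=True).stdout
    xattrs = {}
    for entry in parse_ls_le(listing):
        # `xattr FILE` with no options prints one attribute name per line.
        out = subprocess.run(["xattr", f"{path}/{entry.name}"], capture_output=True, text=True).stdout
        xattrs[entry.name] = out.split()
    return find_suspects(listing, xattrs)


# Constructed sample `ls -le` output (not a real capture). installer.dmg carries a
# blanket deny ACL and no xattrs; the other two files were quarantined normally.
SAMPLE_LS = """\
total 24
-rw-r--r--@ 1 alice  staff  2048 Dec 19 10:02 report.pdf
-rw-r--r--+ 1 alice  staff  4096 Dec 19 10:05 installer.dmg
 0: group:everyone deny write,writeattr,writeextattr,writesecurity,chown
-rw-r--r--@ 1 alice  staff  1024 Dec 19 10:07 notes.txt
 0: group:everyone deny delete
"""
SAMPLE_XATTRS = {  # constructed to match SAMPLE_LS; installer.dmg has no attributes at all
    "report.pdf": ["com.apple.quarantine"],
    "notes.txt": ["com.apple.quarantine", "com.apple.metadata:kMDItemWhereFroms"],
}

if __name__ == "__main__":
    print("suspects:", find_suspects(SAMPLE_LS, SAMPLE_XATTRS))  # suspects: ['installer.dmg']
```

On a real Mac, `scan_directory(os.path.expanduser("~/Downloads"))` runs the same logic over live output. Only the combination is reported: a deny on `writeextattr` alone is unusual on a freshly downloaded file and worth a look, but it is the missing quarantine attribute that shows Gatekeeper was never consulted.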
Microsoft reported the Achilles flaw in July, but Apple did not acknowledge the vulnerability was fixed until last week.
Bar Or said that Lockdown Mode, an opt-in Apple feature introduced earlier this year to help high-risk users block some of the more sophisticated cyberattacks, would not protect against the Achilles vulnerability, since Lockdown Mode is aimed at stopping silent and remotely triggered “zero-click” attacks that require no user interaction, whereas Achilles relies on the user opening the downloaded file. “End-users should apply the fix regardless of their Lockdown Mode status,” said Bar Or.
Achilles is just one of many Gatekeeper bypasses uncovered in recent years. In April 2021, Apple fixed a zero-day vulnerability in macOS that allowed the threat actors behind the notorious Shlayer malware to bypass Apple’s Gatekeeper and notarization security checks.