Menu Close

Apple fixes bug that let malicious apps skirt macOS’ security protections

Microsoft says a vulnerability it discovered in a core macOS security feature, Gatekeeper, could have allowed attackers to compromise vulnerable Macs with malware.

The flaw, tracked as CVE-2022-42821, was first uncovered by Microsoft principal security researcher Jonathan Bar Or, and dubbed the “Achilles” vulnerability. Bar Or said the bug could allow malware to skirt Gatekeeper’s protections on macOS.

First introduced in 2012, Gatekeeper is a security feature designed to allow only trusted software to run on macOS. The feature automatically verifies that all apps downloaded from the internet are from identified developers who have been “notarized” by Apple, and whose apps are known to be free of malicious content.

Microsoft’s Bar Or explained in a blog post that macOS adds a “quarantine” attribute to apps and files that have been downloaded from a web browser and instructs Gatekeeper to check the file before it can be opened. But the Achilles vulnerability exploits a file permissions model called Access Control Lists (ACLs) to add extremely restrictive permissions to a downloaded file, which prevents web browsers from  properly setting the quarantine attribute.

In exploiting the bug, a user could be tricked into downloading and opening a malicious file on macOS without triggering Gatekeeper’s security protections.

Microsoft reported the Achilles flaw in July, but Apple didn’t acknowledge the vulnerability was fixed until last week.

Bar Or said that Lockdown Mode, an opt-in Apple feature introduced earlier this year to help high-risk users block some of the more sophisticated cyberattacks, would not defend against the Achilles vulnerability, since Lockdown Mode is aimed at stopping silent and remotely triggered “zero-click” attacks that require no user interaction. “End-users should apply the fix regardless of their Lockdown Mode status,” said Bar Or.

Achilles is just one of many Gatekeeper bypasses that have been uncovered in recent years. In April 2021, Apple fixed a zero-day vulnerability in macOS that enabled the threat actors behind the notorious Shlayer malware to bypass Apple’s Gatekeeper and notarization security checks.

Apple fixes bug that let malicious apps skirt macOS’ security protections by Carly Page originally published on TechCrunch

Microsoft says a vulnerability it discovered in a core macOS security feature, Gatekeeper, could have allowed attackers to compromise vulnerable Macs with malware. The flaw, tracked as CVE-2022-42821, was first uncovered by Microsoft principal security researcher Jonathan Bar Or, and dubbed the “Achilles” vulnerability. Bar Or said the bug could allow malware to skirt Gatekeeper’s
Apple fixes bug that let malicious apps skirt macOS’ security protections by Carly Page originally published on TechCrunch   TechCrunch 

Generated by Feedzy

Disclaimer

Innov8 is owned and operated by Rolling Rock Ventures. The information on this website is for general information purposes only. Any information obtained from this website should be reviewed with appropriate parties if there is any concern about the details reported herein. Innov8 is not responsible for its contents, accuracies, and any inaccuracies. Nothing on this site should be construed as professional advice for any individual or situation. This website includes information and content from external sites that is attributed accordingly and is not the intellectual property of Innov8. All feeds ("RSS Feed") and/or their contents contain material which is derived in whole or in part from material supplied by third parties and is protected by national and international copyright and trademark laws. The Site processes all information automatically using automated software without any human intervention or screening. Therefore, the Site is not responsible for any (part) of this content. The copyright of the feeds', including pictures and graphics, and its content belongs to its author or publisher.  Views and statements expressed in the content do not necessarily reflect those of Innov8 or its staff. Care and due diligence has been taken to maintain the accuracy of the information provided on this website. However, neither Innov8 nor the owners, attorneys, management, editorial team or any writers or employees are responsible for its content, errors or any consequences arising from use of the information provided on this website. The Site may modify, suspend, or discontinue any aspect of the RSS Feed at any time, including, without limitation, the availability of any Site content.  The User agrees that all RSS Feeds and news articles are for personal use only and that the User may not resell, lease, license, assign, redistribute or otherwise transfer any portion of the RSS Feed without attribution to the Site and to its originating author. The Site does not represent or warrant that every action taken with regard to your account and related activities in connection with the RSS Feed, including, without limitation, the Site Content, will be lawful in any particular jurisdiction. It is incumbent upon the user to know the laws that pertain to you in your jurisdiction and act lawfully at all times when using the RSS Feed, including, without limitation, the Site Content.  

Close Bitnami banner
Bitnami