Microsoft says a flaw it discovered in Gatekeeper, a core macOS security feature, could allow attackers to compromise vulnerable Macs with malware.
The defect is tracked as CVE-2022-42821, first discovered by Microsoft Principal Security Researcher Jonathan Bar Or, and dubbed the “Achilles” vulnerability. Bar Or said the flaw could allow malware to bypass Gatekeeper’s protections on macOS.
First introduced in 2012, Gatekeeper is a security feature designed to allow only trusted software to run on macOS. It automatically verifies that applications downloaded from the Internet come from identified developers, have been “notarized” by Apple, and are known to be free of malicious content.
Microsoft’s Bar Or explained in a blog post that macOS adds a “quarantine” attribute to applications and files downloaded from web browsers, which instructs Gatekeeper to check those files before they are opened. The Achilles vulnerability abuses a file permissions model known as an Access Control List (ACL) to apply extremely restrictive permissions to downloaded files, preventing web browsers from properly setting the quarantine attribute.
By exploiting this vulnerability, an attacker could trick a user into downloading and opening a malicious file on macOS without triggering Gatekeeper’s security protections.
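An added audit check illustrating the condition described above (example code, not Microsoft’s or Apple’s): it flags a downloaded file whose ACL denies writes to extended attributes while the `com.apple.quarantine` attribute is absent. It assumes the output formats of macOS `ls -le` and `xattr`; the sample output is constructed.

```python
"""Audit a downloaded file for the Achilles pattern: a deny ACL entry that
blocks extended-attribute writes combined with a missing quarantine xattr.
Added example, not Microsoft's or Apple's code; assumes macOS tool output."""
import re
import subprocess
import sys

# ACL entries printed by `ls -le` look like:
#   0: group:everyone deny write,writeattr,writeextattr
ACL_ENTRY = re.compile(r"^\s*\d+:\s+(\S+)\s+(allow|deny)\s+(\S+)\s*$")

# Constructed sample of `ls -le` output for a file carrying such an ACL.
SAMPLE_LS_LE = (
    "-rw-r--r--+ 1 user staff 1234 Dec 19 10:00 download.zip\n"
    " 0: group:everyone deny write,writeattr,writeextattr,writesecurity,chown\n"
)


def deny_blocks_xattr_writes(ls_le_output: str) -> bool:
    """True if any ACL entry denies writing extended attributes."""
    for line in ls_le_output.splitlines():
        m = ACL_ENTRY.match(line)
        if m and m.group(2) == "deny" and "writeextattr" in m.group(3).split(","):
            return True
    return False


def has_quarantine(xattr_output: str) -> bool:
    """True if `xattr <file>` lists com.apple.quarantine among the attribute names."""
    return any(n.strip() == "com.apple.quarantine" for n in xattr_output.splitlines())


def classify(ls_le_output: str, xattr_output: str) -> str:
    """'suspicious' when the ACL blocks xattr writes and the quarantine flag is
    missing (the pattern the article describes); otherwise 'ok'."""
    if deny_blocks_xattr_writes(ls_le_output) and not has_quarantine(xattr_output):
        return "suspicious"
    return "ok"


def audit(path: str) -> str:
    """Live check on macOS: runs `ls -le` and `xattr` on the given path."""
    ls_out = subprocess.run(["ls", "-le", path], capture_output=True, text=True, check=True).stdout
    xa_out = subprocess.run(["xattr", path], capture_output=True, text=True, check=True).stdout
    return classify(ls_out, xa_out)


if __name__ == "__main__":
    for p in sys.argv[1:]:
        print(p, audit(p))
```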
Microsoft reported the Achilles vulnerability in July, but Apple did not confirm a fix until last week.
Bar Or said Lockdown Mode, an opt-in Apple feature introduced earlier this year to help high-risk users thwart some of the more sophisticated cyberattacks, does not protect against the Achilles vulnerability, because Lockdown Mode is designed to prevent silent, remotely triggered “zero-click” attacks that require no user interaction. “End users should apply the fix regardless of the state of Lockdown Mode,” Bar Or said.
Achilles is just one of many Gatekeeper bypass methods discovered in recent years. In April 2021, Apple patched a zero-day vulnerability in macOS that enabled the threat actor behind the notorious Shlayer malware to bypass Apple’s Gatekeeper and notarization security checks.