Microsoft discovers a vulnerability in macOS that allows security checks to be bypassed
Apple has fixed a vulnerability that could let attackers deploy malware on vulnerable macOS computers through untrusted apps that bypass Gatekeeper's checks.
Jonathan Bar Or, Senior Security Researcher at Microsoft, discovered the vulnerability, known as Achilles and tracked as CVE-2022-42821, and reported it to Apple.
Apple fixed the vulnerability on December 13 in macOS Ventura 13.1, macOS Monterey 12.6.2 and macOS Big Sur 11.7.2.
Gatekeeper is a macOS security feature that checks every app downloaded from the Internet before it runs: it verifies that the app is signed by an Apple-identified developer (and, on current releases, notarized by Apple), prompts the user to confirm before opening it, and blocks apps that fail the check.
It does this by looking for the com.apple.quarantine extended attribute, which web browsers and other downloaders set on every file they save, much like the Mark of the Web that Windows applies to downloaded files.
The Achilles vulnerability lets a malicious payload abuse a logic flaw to apply a restrictive access control list (ACL) to files delivered inside an archive such as a ZIP, which prevents web browsers and other Internet downloaders from setting the com.apple.quarantine attribute on the extracted payload.
Because the attribute is missing, Gatekeeper never inspects the extracted app: it launches normally instead of being blocked, giving attackers a way to deliver and run malware on the victim's computer.
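macOS archivers (ditto, Archive Utility) carry a file's extended attributes and ACL in a companion "__MACOSX/._name" AppleDouble entry inside the ZIP, so an archive built for this trick has to ship an ACL that denies "writeextattr" on the extracted file. The script below is an added example (not Microsoft's proof of concept and not Apple's code) that scans a ZIP for such sidecars and flags the ones whose com.apple.acl.text attribute denies writeextattr. Assumptions, labelled in the code: the AppleDouble xattr layout follows xnu's vfs_xattr.c as the author understands it, the com.apple.acl.text line format is assumed, and the sample ZIP is constructed inline.

```python
"""Flag ZIP members whose AppleDouble sidecar carries an ACL denying writeextattr."""
import io
import struct
import zipfile

ADH_MAGIC = 0x00051607       # AppleDouble file magic
ADH_VERSION = 0x00020000     # AppleDouble format version 2
ATTR_HDR_MAGIC = 0x41545452  # 'ATTR': xattr header that follows Finder Info
ENT_FINDERINFO = 9           # AppleDouble entry type for Finder Info
ENT_RESOURCE = 2             # AppleDouble entry type for the resource fork
# magic, debug_tag, total_size, data_start, data_length, reserved[3], flags, num_attrs
ATTR_HDR_FMT = ">IIIII3IHH"
ATTR_ENT_FMT = ">IIHB"       # offset, length, flags, namelen (NUL-terminated name follows)


def _round4(n):
    return (n + 3) & ~3


def parse_appledouble_xattrs(blob):
    """Return {name: value} for xattrs stored in an AppleDouble sidecar.

    Layout assumed from xnu's vfs_xattr.c: the attr_header sits after the 32-byte
    Finder Info block plus 2 bytes of padding; everything is big-endian.
    """
    if len(blob) < 26:
        return {}
    magic, _version, nentries = struct.unpack(">II16xH", blob[:26])
    if magic != ADH_MAGIC:
        return {}
    xattrs = {}
    try:
        for i in range(nentries):
            etype, eoff, elen = struct.unpack(">III", blob[26 + 12 * i:38 + 12 * i])
            if etype != ENT_FINDERINFO or elen <= 34:
                continue  # no xattr header can fit after the Finder Info block
            hdr = eoff + 32 + 2
            fields = struct.unpack(ATTR_HDR_FMT, blob[hdr:hdr + 36])
            if fields[0] != ATTR_HDR_MAGIC:
                continue
            nattrs, pos = fields[-1], hdr + 36
            for _ in range(nattrs):
                aoff, alen, _flags, namelen = struct.unpack(ATTR_ENT_FMT, blob[pos:pos + 11])
                name = blob[pos + 11:pos + 11 + namelen].rstrip(b"\0").decode("utf-8")
                xattrs[name] = blob[aoff:aoff + alen]
                pos += _round4(11 + namelen)  # entries are padded to 4-byte boundaries
    except struct.error:
        pass  # truncated sidecar: report whatever was parsed
    return xattrs


def acl_denies_writeextattr(acl_text):
    """True if any ACE in a com.apple.acl.text value denies writeextattr.

    Assumed line format after the "!#acl 1" header:
    "<kind>:<guid>:<name>:<id>:<allow|deny>:<perm,perm,...>".
    """
    for line in acl_text.decode("utf-8", "replace").splitlines():
        fields = line.strip().split(":")
        if len(fields) < 6 or fields[4] != "deny":
            continue
        if "writeextattr" in fields[5].split(","):
            return True
    return False


def scan_zip(zip_bytes):
    """Return [(member, acl_text)] for sidecars that would block quarantine tagging."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.rsplit("/", 1)[-1].startswith("._"):
                continue  # only AppleDouble sidecars carry xattrs and ACLs
            acl = parse_appledouble_xattrs(zf.read(info)).get("com.apple.acl.text")
            if acl is not None and acl_denies_writeextattr(acl):
                findings.append((info.filename, acl.decode("utf-8", "replace")))
    return findings


def build_appledouble(xattrs):
    """Build an AppleDouble sidecar holding the given xattrs (mirrors the parser's layout)."""
    names = list(xattrs)
    data_start = 120 + sum(_round4(11 + len(n) + 1) for n in names)
    entries, data, off = b"", b"", data_start
    for n in names:
        value, namelen = xattrs[n], len(n) + 1
        ent = struct.pack(ATTR_ENT_FMT, off, len(value), 0, namelen) + n.encode() + b"\0"
        entries += ent.ljust(_round4(11 + namelen), b"\0")
        data += value
        off += len(value)
    hdr = struct.pack(">II16xH", ADH_MAGIC, ADH_VERSION, 2)
    hdr += struct.pack(">III", ENT_FINDERINFO, 50, off - 50)  # Finder Info + xattr area
    hdr += struct.pack(">III", ENT_RESOURCE, off, 0)          # empty resource fork
    hdr += b"\0" * 34                                          # Finder Info + 2 pad bytes
    hdr += struct.pack(ATTR_HDR_FMT, ATTR_HDR_MAGIC, 0, off, data_start, len(data),
                       0, 0, 0, 0, len(names))
    return hdr + entries + data


# Constructed sample ACL: denies writeextattr to "everyone" (the GUID is macOS's
# well-known everyone group; the textual rendering is an assumption).
DENY_ACL = (b"!#acl 1\n"
            b"group:ABCDEFAB-CDEF-ABCD-CDEF-ABCDEFABCDEF:everyone:12:deny:writeextattr\n")


def build_sample_zip(acl=DENY_ACL):
    """Constructed ZIP: an app bundle with a hostile sidecar plus a benign file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload.app/Contents/MacOS/Payload", b"#!/bin/sh\necho hello\n")
        zf.writestr("__MACOSX/._Payload.app", build_appledouble({"com.apple.acl.text": acl}))
        zf.writestr("README.txt", b"benign\n")
        zf.writestr("__MACOSX/._README.txt",
                    build_appledouble({"com.apple.TextEncoding": b"utf-8;134217984"}))
    return buf.getvalue()


if __name__ == "__main__":
    for member, acl in scan_zip(build_sample_zip()):
        print(f"SUSPICIOUS {member}: ACL denies writeextattr\n{acl}")
```

Run it against a real archive by passing the file's bytes to scan_zip; a hit is not proof of exploitation, since a developer can legitimately ship ACLs, but an app bundle whose sidecar denies writeextattr to everyone deserves a closer look before anyone double-clicks it.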
Microsoft said on Monday that Apple's Lockdown Mode is designed to stop zero-click attacks, in which code is executed remotely without any action by the victim, so it offers no protection against Achilles. Lockdown Mode was introduced with macOS Ventura as an optional setting for high-risk users who may be personally targeted by sophisticated cyberattacks.
Microsoft's researchers added that end users should apply the patch regardless of whether Lockdown Mode is enabled.
The vulnerability is the latest in a series of flaws found in recent years, several of which attackers have exploited in the wild to bypass macOS security mechanisms on fully patched devices.
Those mechanisms include Gatekeeper, File Quarantine and System Integrity Protection (SIP).