Home / News / Industry / Apple resolves a flaw that allowed malicious programs to bypass the security measures in macOS

Apple resolves a flaw that allowed malicious programs to bypass the security measures in macOS

According to Microsoft, a flaw it found in Gatekeeper, a key component of macOS security, might have allowed attackers to infect unprotected Macs with malware.

The “Achilles” vulnerability was first identified as CVE-2022-42821 by Jonathan Bar Or, a chief security researcher for Microsoft. According to Bar Or, the flaw might allow malware to bypass Gatekeeper’s security measures on macOS.

Gatekeeper is a security feature that was first launched in 2012 and is intended to only enable trusted apps to operate on macOS. All apps downloaded from the internet are automatically verified by the feature to be from known developers whose programs have been “notarized” by Apple and are confirmed to be devoid of dangerous content.

MacOS adds a “quarantine” characteristic to programs and files that have been downloaded from a web browser and asks Gatekeeper to examine the file before it can be opened, according to an explanation from Microsoft’s Bar Or in a blog post. Web browsers are unable to properly set the quarantine attribute due to the Achilles vulnerability, which adds extremely restricted rights to a downloaded file using the Access Control Lists (ACLs) file permissions paradigm.

By taking advantage of the flaw, a user could be persuaded to download and run a malicious file on macOS without invoking Gatekeeper’s security measures.

Apple didn’t admit that the Achilles’ heel vulnerability had been addressed until this week, despite Microsoft having disclosed it in July.

Lockdown Mode, an opt-in Apple feature unveiled earlier this year to assist high-risk users stop some of the more sophisticated cyberattacks, wouldn’t protect against the Achilles vulnerability, according to Bar Or, because Lockdown Mode is designed to stop silent and remotely triggered “zero-click” attacks that don’t require user interaction. Regardless of whether they are in Lockdown Mode or not, Bar Or advised end users to deploy the update.

One of the many Gatekeeper bypasses discovered in recent years is Achilles. Apple patched a zero-day flaw in macOS in April 2021 that had allowed the threat actors responsible for the infamous Shlayer malware to get beyond Gatekeeper and notarization security procedures.

About Chambers

Check Also

The Air Force has abandoned its attempt to install a directed-energy weapon on a fighter jet, marking another failure for airborne lasers

The U.S. military’s most recent endeavor to create an airborne laser weapon, designed to safeguard …