Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications.
The shortcoming, dubbed Achilles (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic issue that could be weaponized by an app to circumvent Gatekeeper checks.
“Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS,” Jonathan Bar Or of the Microsoft 365 Defender Research Team said.
Gatekeeper is a security mechanism designed to ensure that only trusted apps run on the operating system. This is enforced by means of an extended attribute called “com.apple.quarantine” that’s assigned to files downloaded from the internet. It is analogous to the Mark of the Web (MotW) flag in Windows.
Thus when an unsuspecting user downloads a potentially harmful app that impersonates a piece of legitimate software, the Gatekeeper feature prevents the app from being run as it’s not validly signed and notarized by Apple.
images from Hacker News