Microsoft discovered a macOS vulnerability that could cause malware to run wild
Microsoft has revealed that it discovered a major flaw in Apple’s macOS that could allow threat actors to bypass the operating system’s security protocols and run all kinds of malware on vulnerable endpoints.
The vulnerability was shared with Apple and subsequently patched.
In a blog post detailing the findings, Microsoft said in late July that its researchers discovered a way to bypass the Gatekeeper security mechanism and run untrusted apps on the target device. Gatekeeper is a security feature that enforces code signing and verifies downloaded applications before they are allowed to run.
Apple fixes the problem
Because Apple relies on Gatekeeper to protect macOS users, Microsoft has named the vulnerability “Achilles”. It reported its findings to Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR), and Apple “rapidly” released a patch for all versions of macOS.
Achilles is currently tracked as CVE-2022-42821 and is described on CVE.mitre.org as a “logic problem” that has been resolved with improved tests. The website says the issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, and macOS Ventura 13.
Microsoft also said the vulnerability cannot be mitigated with Apple’s Lockdown Mode, suggesting that applying the patch is the only way forward. Lockdown Mode, introduced in macOS Ventura, is an optional protection feature for high-risk users designed to prevent zero-click remote code execution exploits. Therefore, Microsoft said, it does not defend against Achilles.
“End users should apply the fix regardless of their Lockdown Mode status,” the announcement read.
Microsoft says Gatekeeper can be an important part of protecting the macOS environment, but it is not without flaws. Rogue apps are apparently one of the most common attack vectors in the Apple ecosystem, suggesting that Gatekeeper bypass techniques are an “attractive and even necessary capability” for attackers.