Microsoft reports macOS Gatekeeper has an ‘Achilles’ heel

Security researchers at Microsoft have discovered a bug in macOS that lets malicious apps bypass Apple’s Gatekeeper security software “for initial access by malware and other threats.” 

Microsoft researchers said the vulnerability, dubbed “Achilles” (which sounds sexier than CVE-2022-42821), was discovered in late July and quickly patched by Apple in all affected versions of its OSes after the team followed responsible disclosure.

Regardless of that fix, it’s still critical for macOS users to patch their systems to the latest protected versions, Microsoft said, because Apple’s much-touted Lockdown Mode isn’t designed to protect against Achilles-style threats.

“End-users should apply the fix regardless of their Lockdown Mode status,” Microsoft said. 

How to distract a Gatekeeper

Gatekeeper has been a part of macOS for a decade and is used to validate that apps are signed and notarized before allowing them to be launched. If an app isn’t recognized, Gatekeeper blocks it by default, though this can be overridden by a user who is willing to accept the risk.

With Achilles, however, Microsoft’s proof of concept was able to take advantage of how macOS deploys access control lists (ACLs) to completely bypass Gatekeeper.

Infections on macOS are often the result of users running malicious apps, Microsoft principal security researcher Jonathan Bar Or wrote in the company’s report on the bug. He said that Apple has imposed “strong security mechanisms” on macOS to combat the use of disguised malware or legitimate-but-infected apps.

Apple does that by assigning a
