Microsoft says a vulnerability it discovered in a core macOS security feature, Gatekeeper, could have allowed attackers to compromise vulnerable Macs with malware.
The flaw, tracked as CVE-2022-42821, was first uncovered by Microsoft principal security researcher Jonathan Bar Or, and dubbed the “Achilles” vulnerability. Bar Or said the bug could allow malware to skirt Gatekeeper’s protections on macOS.
First introduced in 2012, Gatekeeper is a security feature designed to allow only trusted software to run on macOS. The feature automatically verifies that all apps downloaded from the internet are from identified developers who have been “notarized” by Apple, and whose apps are known to be free of malicious content.
Microsoft’s Bar Or explained in a blog post that macOS adds a “quarantine” attribute to apps and files that have been downloaded from a web browser and instructs Gatekeeper to check the file before it can be opened. But the Achilles vulnerability exploits a file permissions model called Access Control Lists (ACLs) to add extremely restrictive permissions to a downloaded file, which prevents web browsers from properly setting the quarantine attribute.
In exploiting the bug, a user could be tricked into downloading and opening a malicious file on macOS without triggering Gatekeeper’s security protections.
Microsoft reported the Achilles flaw in July, but Apple didn’t acknowledge the vulnerability was fixed until last week.
Bar Or said that Lockdown Mode, an opt-in Apple feature introduced earlier this year to help high-risk users block some of the more sophisticated cyberattacks, would not defend against the Achilles vulnerability, since Lockdown Mode is aimed at stopping silent and remotely triggered “zero-click” attacks that require no user interaction. “End-users should apply the fix regardless of their Lockdown Mode status,” said Bar Or.
Achilles is just one of many Gatekeeper bypasses that have been uncovered in recent years. In April 2021, Apple fixed a zero-day vulnerability in macOS that enabled the threat actors behind the notorious Shlayer malware to bypass Apple’s Gatekeeper and notarization security checks.
Small and medium businesses have become a growing target for malicious online hackers in recent years, currently accounting for between 43% and 61% of all security breaches and some $7 billion annually in related losses, according to different estimates. Today, a startup called Guardz is emerging from stealth with a two-part offering aimed at protecting them: a SaaS-based set of low-code […]
Hawk AI, a German company developing anti-money laundering (AML) and tangential fraud prevention smarts for financial institutions, has raised $17 million in a Series B round of funding. Prior to now, Hawk AI had raised $10 million, and with a fresh $17 million in the bank, the company said that it plans to bolster its product […]
British newspaper The Guardian has confirmed that cybercriminals accessed the personal details of U.K. staff members during a ransomware attack last month. The Guardian confirmed the data breach in an update emailed to staff on Wednesday, which the newspaper reported shortly after. The email, signed by the news outlet’s chief executive Anna Bateson and editor-in-chief […]
Leave a Reply