Microsoft Details a macOS Bug That Allowed a Gatekeeper Bypass

Microsoft spoke about a bug in macOS
Written by Emma Davis

Microsoft specialists have described in detail the vulnerability CVE-2022-42821, which could be used to bypass Gatekeeper.

A week ago, Apple developers fixed the issue, dubbed Achilles, in macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 11.7.2 (Big Sur).

Let me remind you that we also wrote that Apple leaves critical bugs unpatched in macOS Big Sur and Catalina, and that Apple fixed two 0-day vulnerabilities that threatened iOS, macOS and Safari at once.

Microsoft employees discovered the Achilles bug in July 2022. They explain that on macOS, files downloaded from the Internet are tagged with a special com.apple.quarantine extended attribute. Based on this attribute, Gatekeeper can effectively prevent such applications from running if they are not signed or notarized by Apple. In short, the functionality is similar to Mark-of-the-Web (MotW) in Windows.

The Achilles vulnerability allows a specially crafted payload to apply restrictive Access Control List (ACL) entries to the files it delivers. As a result, the com.apple.quarantine attribute is not assigned to payloads downloaded from the Internet in ZIP format. That is, a malicious application contained in the archive can run on the victim’s system without Gatekeeper blocking it, which allows attackers to download and deploy malware on the machine.
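Because Gatekeeper only evaluates files that carry com.apple.quarantine, the observable symptom of this bypass is an extracted executable or .app bundle with no quarantine attribute. The following Python script is an added example for defenders and is not part of the article or of Microsoft’s write-up: it walks an extracted download directory and reports executables and .app bundles that lack the attribute. The xattr lister is injectable (an assumption of this example, not a macOS API), so the logic can also be exercised on systems other than macOS; the directory layout used in testing is constructed.

```python
"""Audit an extracted download tree for files Gatekeeper would not evaluate.

Added example (not from the article or Microsoft's write-up). Gatekeeper only
inspects files tagged with com.apple.quarantine, so an executable extracted
from a downloaded ZIP that lacks the attribute is exactly what a successful
Achilles-style bypass leaves behind. On macOS the same information is visible
with `xattr -l <file>` and `ls -le <file>`.

Usage on macOS:  python3 quarantine_audit.py ~/Downloads/extracted
"""
import os
import stat
import sys
from typing import Callable, Iterable, List

QUARANTINE_XATTR = "com.apple.quarantine"


def list_xattrs(path: str) -> List[str]:
    """Return the extended attribute names on path (empty if unsupported)."""
    try:
        return list(os.listxattr(path, follow_symlinks=False))
    except (OSError, AttributeError):  # AttributeError: platform without os.listxattr
        return []


def is_executable(path: str) -> bool:
    """True for a regular file with any execute bit set (symlinks not followed)."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & exec_bits)


def candidate_paths(root: str) -> Iterable[str]:
    """Yield .app bundle directories and executable regular files under root.

    A bundle is treated as one unit: the quarantine attribute on the bundle
    directory is what Gatekeeper consults, so we do not descend into it.
    """
    for dirpath, dirnames, filenames in os.walk(root):
        for d in list(dirnames):
            if d.endswith(".app"):
                yield os.path.join(dirpath, d)
                dirnames.remove(d)
        for f in filenames:
            p = os.path.join(dirpath, f)
            if is_executable(p):
                yield p


def find_unquarantined(
    root: str, lister: Callable[[str], List[str]] = list_xattrs
) -> List[str]:
    """Return candidate paths under root that carry no com.apple.quarantine."""
    return sorted(p for p in candidate_paths(root) if QUARANTINE_XATTR not in lister(p))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = find_unquarantined(target)
    for h in hits:
        print(f"NOT QUARANTINED: {h}")
    print(f"{len(hits)} executable(s)/bundle(s) without {QUARANTINE_XATTR} under {target}")
```

A file reported here is not necessarily malicious (anything created locally has no quarantine flag either), but inside a directory that was just extracted from a downloaded archive, every entry in the list is one that Gatekeeper never had a chance to check.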

Microsoft experts also commented on the effectiveness of “Lockdown Mode”, introduced in macOS Ventura as an additional protective feature for users at risk of targeted cyber attacks. Apple described the feature as follows:

“Lockdown mode will protect users’ connections while they are messaging and browsing the web by blocking spyware (like the NSO Group’s Pegasus spyware) that government hackers routinely use against Apple device owners,” Apple said.

However, Lockdown Mode is aimed at zero-click exploits and therefore does not protect against Achilles.

“Rogue applications remain one of the main vectors of penetration into macOS; therefore, Gatekeeper bypass methods are a tempting possibility and even a necessity, and attackers can use them in their attacks,” Microsoft experts summarize.

About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing at Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
