The Mac Gatekeeper bypass vulnerability, which Microsoft's researchers named Achilles, was patched by Apple after the Microsoft security team discovered and reported it.
The flaw allowed malware to slip past Gatekeeper's checks. Notably, it also affected Macs running in Lockdown Mode.
Gatekeeper is a security feature built into macOS. When you run a newly downloaded Mac app for the first time, Gatekeeper checks that it is signed by an identified developer and has been notarized by Apple.
There are three user-selectable Gatekeeper settings:
- Only allow apps downloaded from the Mac App Store
- Also allow those signed by Apple Certified Developers
- Allow all apps
(Recent versions of macOS hide the third option so that it cannot be selected inadvertently.)
When a file is downloaded from the web, the browser (or other downloading app) tags it with an extended attribute called com.apple.quarantine. That attribute is the signal that tells Gatekeeper to inspect the file when it is opened.
Mac Gatekeeper Bypass Vulnerability
BleepingComputer reports that the flaw allowed an attacker to prevent the com.apple.quarantine attribute from being assigned to a file at all, so opening the file would never trigger a Gatekeeper check.
The Achilles flaw abuses a logic issue: a specially crafted payload, delivered as a ZIP archive, carries restrictive Access Control List (ACL) permissions that block web browsers and other Internet downloaders from setting the com.apple.quarantine attribute on the archived files.
As a result, the malicious app inside the archive launches on the target's system without the Gatekeeper check that would otherwise have blocked it, letting attackers download and deploy their malware.
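The two properties the paragraphs above turn on, the quarantine attribute that Gatekeeper keys off and the ACL that Achilles uses to stop a downloader from setting it, can both be read straight off a file. The script below is an added example and is not code from the article, from Microsoft or from Apple. It parses a com.apple.quarantine value (the format is `<flags>;<hex download time>;<downloading app>;<uuid>`), scans `ls -le` output for an ACL entry that denies `writeextattr`, and on a Mac runs those checks plus `spctl --assess` against a file you name on the command line. The sample quarantine value and `ls -le` listing are constructed for the demonstration, not captured from a real incident, and the helper names are the example's own.

```shell
#!/bin/sh
# Added example (not from the article, Microsoft or Apple): triage a freshly
# downloaded file for the two conditions discussed above.
#  1. Does it carry com.apple.quarantine? If not, Gatekeeper never assesses it.
#  2. Does it carry an ACL entry denying writeextattr? Such an entry stops the
#     browser from applying the quarantine attribute, which is the Achilles case.
# The helpers are pure text processing so they run on any POSIX shell; the
# macOS-specific commands (xattr, ls -le, spctl) only run on Darwin.

# com.apple.quarantine values look like "<flags>;<hex epoch>;<agent>;<uuid>".
# Print the flags (Apple's LaunchServices bits, left undecoded here), the
# download time as epoch seconds, and the app that set the attribute.
parse_quarantine() {
    IFS=';' read -r flags hexts agent _uuid <<EOF
$1
EOF
    [ -n "$flags" ] && [ -n "$hexts" ] || return 1
    printf 'flags=%s downloaded=%s agent=%s\n' "$flags" "$((0x$hexts))" "$agent"
}

# Given the text of `ls -le <file>` (macOS prints ACL entries as indented
# " N: <principal> allow|deny <perms>" lines under the file), succeed when
# any entry denies writeextattr, i.e. forbids writing extended attributes.
acl_blocks_xattr_write() {
    printf '%s\n' "$1" |
        grep -Eq '^ *[0-9]+: .*[[:space:]]deny[[:space:]].*writeextattr'
}

# macOS only: inspect a real file and ask Gatekeeper for its own verdict
# (spctl prints "accepted" or "rejected" with the reason).
triage_download() {
    f=$1
    if q=$(xattr -p com.apple.quarantine "$f" 2>/dev/null); then
        echo "quarantine: $(parse_quarantine "$q")"
    else
        echo "quarantine: MISSING (Gatekeeper will not assess this file)"
    fi
    if acl_blocks_xattr_write "$(ls -le "$f")"; then
        echo "acl: entry denying writeextattr present (Achilles-style ACL)"
    else
        echo "acl: no entry denying writeextattr"
    fi
    spctl --assess --type execute -vv "$f" 2>&1 || true
}

# Constructed sample data so the helpers can be exercised without a Mac.
SAMPLE_QUARANTINE='0083;63a1b2c3;Safari;9B7BC7D6-3B3E-4E5E-8D5D-9F7B6A5C4D3E'
SAMPLE_LS_LE='-rwxr-xr-x+ 1 user  staff  4096 Dec 20 12:04 payload.app
 0: group:everyone deny writeattr,writeextattr'

parse_quarantine "$SAMPLE_QUARANTINE"
if acl_blocks_xattr_write "$SAMPLE_LS_LE"; then
    echo "sample ACL would block a browser from setting com.apple.quarantine"
fi

# Real check: ./triage.sh <downloaded file>  (only does anything on macOS)
if [ "$(uname)" = Darwin ] && [ -n "$1" ]; then
    triage_download "$1"
fi
```

A file that came from the web but shows no quarantine attribute, or that shows an `everyone deny writeattr,writeextattr` entry it has no business carrying, is worth a closer look regardless of what `spctl` says, because a missing attribute means Gatekeeper was never consulted.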
It should be noted that Lockdown Mode does not protect against the vulnerability.
Microsoft said on Monday that “Apple’s Lockdown Mode, introduced in macOS Ventura as an optional protection feature for high-risk users who may be personally targeted by a sophisticated cyberattack, aims to stop zero-click remote code execution exploits and therefore does not defend against Achilles.”
As always, it is recommended that your Mac and other Apple devices are kept fully updated. If you don’t want to upgrade to Ventura, Apple recommends updating to the latest version of the earlier macOS release you are running.
Apple is currently rolling out a new Rapid Security Response feature for Mac and iOS devices that will allow it to quickly patch security flaws without having to completely update the operating system.
Photo: Ján Vlačuha/Unsplash