Microsoft security researchers have detailed a macOS vulnerability that could leave Macs vulnerable to hackers. Apple has since fixed the bug.
Microsoft has revealed a macOS security flaw that could leave it vulnerable Macs Vulnerable to hackers. While Windows and Android often get a bad rap when it comes to malware and other security issues, Macs aren’t completely immune to vulnerabilities. Last year, Apple admitted that macOS had to deal with hundreds of different malware, some of which infected hundreds of thousands of devices. The App Store has also been found to host shady apps that extort exorbitant subscription fees from unsuspecting users. However, Apple regularly removes these apps after being reported by users and cyber security researchers.
In an official blog post, Microsoft detailed the macOS vulnerability called “Achilles,” which it first discovered in July 2022. According to the company, the security flaw could allow attackers to bypass Apple’s Gatekeeper security mechanism, which is designed to scan apps, add-ons. and installers to ensure they are free of malware. Applications that pass the Gatekeeper scan are allowed to run, while applications that fail are blocked. All software downloaded from outside the App Store is assigned the “com.apple.quarantine” attribute, which tells Gatekeeper that the software needs to be scanned. Achilles blocks this attribution, allowing malicious actors to run on Macs and bypass Gatekeeper.
macOS critical flaw Achilles
Microsoft also says that the lockdown mode implemented in MacOS Ventura offers no protection in this case. Lockdown mode is not intended for the average user troubleshooting malware. Instead, it’s designed to stop zero-click remote code execution exploits to protect users who might be targeted by corporate or government-sponsored espionage. This includes government agents, corporate executives and journalists in repressive states.
While Achilles was a troubling security vulnerability that attackers could exploit to target the Macs of millions of users, Apple patched the flaw in macOS 13 Ventura, macOS 12.6.2 Monterey, and macOS 11.7.2 Big Sur. Users should update their Macs with the latest available software to ensure they are protected against Achilles.
This isn’t the first time a macOS vulnerability has allowed malware to bypass Gatekeeper. Earlier this year, Microsoft detailed a macOS security flaw that allowed a Trojan called ‘UpdateAgent’ to bypass Gatekeeper and run freely on Macs. Apple eventually fixed the bug after being notified by Microsoft. As various security vulnerabilities in Macs have shown, they are just as susceptible to hackers and malware vendors as any other operating system. Following best practices like downloading apps from reputable websites and installing updates on time is the only way to stay ahead Macs and other devices on the secure Internet.
MORE: What you need to know about the SHARPEXT malware that went beyond Gmail 2FA