This critical macOS flaw could leave your Mac vulnerable | Jobs Vox


Apple’s macOS operating system has such a strong reputation for security that many people mistakenly believe that Macs are simply immune to malware. Microsoft has reminded us that this is not the case, as the company has identified a serious vulnerability that affects one of macOS’ most important lines of defense.

According to Bleeping Computer, the bug was first reported by Jonathan Bar Or, a principal security researcher at Microsoft, who named the flaw Achilles. It is now tracked as CVE-2022-42821.


In simple terms, Achilles works by bypassing the Gatekeeper feature of macOS. When a user downloads a Mac app, plug-in, or installer that isn’t from Apple’s App Store, Gatekeeper checks that it comes from an identified developer, has been notarized by Apple as free of malware, and hasn’t been tampered with. If the app passes this check, it can run on the user’s Mac. If it fails, Gatekeeper blocks it.

However, Achilles found a way around this defense. As outlined in Microsoft’s recent blog post, macOS assigns an extended attribute called com.apple.quarantine to apps downloaded using Internet browsers. Among other things, this attribute tells macOS that Gatekeeper should check the file before it is run.

Achilles prevents this attribute from being set. This means that a malicious file will be able to run on macOS without Gatekeeper ever checking it, thereby bypassing Apple’s built-in security protections.
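The check below is an added example, not code from the article, Microsoft, or Apple: a defender's audit that lists files lacking the quarantine attribute, which Gatekeeper would therefore not check. It assumes the attribute's macOS name `com.apple.quarantine` and its semicolon-separated value layout (hex flags, hex Unix timestamp, downloading agent, event UUID); the sample paths and values are constructed.

```python
import subprocess
from datetime import datetime, timezone

QUARANTINE_XATTR = "com.apple.quarantine"  # macOS name of the quarantine attribute


def parse_quarantine(value):
    """Parse 'flags;hex_epoch;agent[;event_uuid]' into a dict."""
    fields = value.strip().split(";")
    if len(fields) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    return {
        "flags": int(fields[0], 16),
        "downloaded": datetime.fromtimestamp(int(fields[1], 16), tz=timezone.utc),
        "agent": fields[2],
        "event_id": fields[3] if len(fields) > 3 else None,
    }


def read_quarantine(path):
    """Return the raw value via the macOS xattr tool, or None if the attribute is unset."""
    proc = subprocess.run(
        ["xattr", "-p", QUARANTINE_XATTR, path],
        capture_output=True, text=True,
    )
    return proc.stdout.strip() if proc.returncode == 0 else None


def audit(paths, reader=read_quarantine):
    """Return (quarantined, unquarantined); the second list is never checked by Gatekeeper."""
    quarantined, unquarantined = {}, []
    for path in paths:
        raw = reader(path)
        if raw is None:
            unquarantined.append(path)
        else:
            quarantined[path] = parse_quarantine(raw)
    return quarantined, unquarantined


# Constructed sample values (not real files), so the logic runs on any OS.
SAMPLE = {
    "/Users/demo/Downloads/Installer.dmg": "0083;63a1f3c2;Safari;11111111-2222-3333-4444-555555555555",
    "/Users/demo/Downloads/tool.app": None,
}

if __name__ == "__main__":
    ok, missing = audit(SAMPLE, reader=SAMPLE.get)
    for path, info in ok.items():
        print(f"quarantined  {path}  via {info['agent']} on {info['downloaded']:%Y-%m-%d}")
    for path in missing:
        print(f"NO ATTRIBUTE {path}")
```

A missing attribute is not proof of compromise, since files created locally never receive it; on a Mac, pass real paths and omit the `reader` argument to query the `xattr` tool.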

Interestingly, Microsoft says that macOS’s Lockdown Mode won’t work against Achilles because it’s designed to solve a different problem. Lockdown Mode is a special high-security mode in macOS that protects individuals who are vulnerable to highly sophisticated cyberattacks—for example, journalists in repressive countries. Regardless of your Lockdown status, you should update macOS to protect against Achilles.

The security flaw was originally discovered by Microsoft in July 2022 and patched by Apple in macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 11.7.2 (Big Sur). It emphasizes the importance of updating macOS to ensure you have the latest security patches and fixes.

This isn’t the first time Microsoft has spotted a macOS vulnerability and helped Apple fix it. For example, in February 2022, Microsoft issued a warning about a macOS trojan called UpdateAgent. Interestingly, this malware was also able to get around Gatekeeper. This shows that while Gatekeeper is great defensive software, it is not bulletproof.
