Microsoft has revealed that it has discovered a major vulnerability in Apple’s macOS that could allow attackers to bypass the operating system’s security protocols and run all kinds of malware on vulnerable endpoints.
The vulnerability has since been shared with Apple and subsequently patched.
In a blog post detailing the findings, Microsoft said that at the end of July, its researchers discovered a way to bypass the Gatekeeper security mechanism and run untrusted apps on the target device. Gatekeeper is a security feature that enforces code signing and verifies downloaded applications before allowing them to run.
Apple fixes the problem
Given Apple’s reliance on Gatekeeper to protect macOS users, Microsoft has dubbed the vulnerability “Achilles.” It reported its findings to Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR), and Apple “quickly” released a patch for all macOS versions.
Achilles is now tracked as CVE-2022-42821 and is described on the CVE.mitre.org site as a “logic issue” that has been addressed with improved checks. This issue has been fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, and macOS Ventura 13, the site says.
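As a check built on the fixed releases listed above, the following added example (not taken from Microsoft's or Apple's material) classifies macOS version strings as patched, vulnerable or unknown for CVE-2022-42821. The function names and the sample inventory are constructed for illustration, and releases older than Big Sur are reported as unknown because the CVE entry quoted here names no fixed build for them.

```shell
#!/bin/sh
# Fixed releases per the CVE entry quoted in the article:
#   Big Sur 11.7.2, Monterey 12.6.2, Ventura 13

# ver_ge A B: succeeds if dotted version A >= B (missing fields count as 0).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# achilles_status VERSION: prints patched | vulnerable | unknown.
achilles_status() {
    case "$1" in
        ''|*[!0-9.]*) echo unknown; return ;;   # empty or malformed input
    esac
    major=${1%%.*}
    case "$major" in
        '') echo unknown ;;
        11) if ver_ge "$1" 11.7.2; then echo patched; else echo vulnerable; fi ;;
        12) if ver_ge "$1" 12.6.2; then echo patched; else echo vulnerable; fi ;;
        *)  if [ "$major" -ge 13 ]; then echo patched; else echo unknown; fi ;;
    esac
}

# classify_inventory: reads "hostname version" lines on stdin and appends a status.
classify_inventory() {
    while read -r host ver rest; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "${ver:-?}" "$(achilles_status "$ver")"
    done
}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY='mac-01 12.6.1
mac-02 12.6.2
mac-03 11.7.1
mac-04 13.0
mac-05 10.15.7'

printf '%s\n' "$SAMPLE_INVENTORY" | classify_inventory
# On a Mac itself: achilles_status "$(sw_vers -productVersion)"
```

The version string is only a proxy for patch state, so treat "unknown" as a prompt to check the host against Apple's security release notes.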
Microsoft also said the vulnerability cannot be mitigated with Apple’s Lockdown Mode, suggesting that applying the patch is the only way forward. Introduced in macOS Ventura, Lockdown Mode is an optional protection feature for high-risk users, designed to stop zero-click remote code execution exploits. Therefore, says Microsoft, it does not defend against Achilles.
“End users must apply the fix regardless of their Lockdown Mode status,” the announcement reads.
Gatekeeper may be a critical part of securing the macOS environment, but it’s not without its flaws, Microsoft said. Apparently, fake apps are one of the most popular attack vectors in the Apple ecosystem, suggesting Gatekeeper bypass techniques are an “attractive and even necessary opportunity” for attackers.