MacOS bug gives malware free access
Apple has fixed a vulnerability that attackers could use to install malicious software on devices running MacOS.
Painful: Discovered by Microsoft
A bitter detail: Microsoft, once Apple’s arch rival in the PC field, discovered the flaw in the software. Microsoft’s chief security researcher Jonathan Bar Or gave the vulnerability the code name Achilles. This is now known by the less easy to remember code CVE-2022-42821.
Apple has fixed the bug in versions MacOS 13 (Ventura), MacOS 12.6.2. (Monterey) and MacOS 1.7.2 (Big Sur) via an automatic update. This happened well before Apple announced everything. This is to prevent hackers from abusing this zero-day exploit.
Bypassing Apple’s Gatekeeper
Gatekeeper is a special component of MacOS that automatically checks all apps downloaded from the Internet. For example, this app must have a digital signature from a developer approved by Apple. If there are problems, the user will receive a warning and the app will not run.
The Achilles flaw in Gatekeeper allowed malware to set ACL permissions, preventing browsers from setting the com.apple.quarantine attribute on downloaded files. So these infected files never made it into the sandbox. And this gave them free reign on an Apple computer, even if Lockdown Mode was activated on it. That is why it is very important if you have an Apple to always install the latest updates.
Not the first time
Extra annoying for Apple is that this is not the first time that Gatekeeper and other security systems have failed. For example, there have been previous issues with things like bypassing system integrity protection (SIP), and the infamous Shlayer malware, which manages to bypass File Quarantine, Gatekeeper, and Notarization security checks and download other malicious software.
Although Microsoft Windows has the reputation of being an insecure system, Apple also appears not to be free of vulnerabilities.