The macOS operating system was fixed recently by Apple to eliminate a vulnerability found and reported by the principal security researcher of Microsoft, it could be exploited by attackers to install malware.
Untrusted applications with the capability of bypassing Gatekeeper application execution restrictions could be used to exploit this vulnerability. This security flaw has been named Achilles and assigned the CVE-2022-42821 designation.
It was on December 13 that Apple addressed the bug and made it available to users with the following versions of macOS:-
Apps downloaded from the Internet are automatically checked by Gatekeeper on macOS. When the app can’t be trusted, the user is prompted to confirm or an alert is displayed that the app is untrustworthy before it can be launched.
Gatekeeper has been recognized as one of the most useful and effective security features on macOS as a result of its role as a countermeasure against malware.
It is worth considering, however, that Gatekeeper, in spite of being bulletproof, has been found vulnerable to numerous bypass techniques in the past.
An extension attribute named com.apple.quarantine is associated with all downloaded files in web browsers, very similar to the Mark of the Web in Windows, that identifies files that will be quarantined.
A logic error present in the Access Control List (ACL) can be exploited by specially-crafted payloads to set restrictive permissions on a computer system due to the Achilles flaw.
As a result, a web browser or internet downloader that downloads a payload archived as a ZIP file will not be able to set the com.apple[.]quarantine attribute.
In the case of an archived malicious payload, the malicious application contained within the archive is launched on the target’s computer as a result. It is through this method that attackers can download and deploy malware instead of being blocked by Gatekeeper.
During the last several years, a number of Gatekeeper bypass vulnerabilities were discovered, and the following are some examples:-
A variety of threats and attack capabilities are continually emerging in the threat landscape. Using this rapidly evolving threat scenario, malicious actors are able to gain access to systems and data on a computer system using unpatched vulnerabilities and misconfigurations.
There is no doubt that fake apps remain a significant vector for entry into macOS systems. Gatekeeper bypass techniques are becoming more and more attractive to threat actors, as attacks become more sophisticated, and they are even being considered necessities by malicious actors.
A case like this illustrates the importance of responsible vulnerability disclosures as well as collaboration across different platforms. By doing so, various issues can be addressed effectively, protecting users from potential threats in the future as well as in the present.
Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…
The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…
Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…
A security researcher discovered a vulnerability in Windows theme files in the previous year, which…
The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…