Microsoft discovered a vulnerability in macOS that allowed attackers to install malware 


Apple has recently patched a macOS vulnerability, reported by Microsoft's principal security researcher, that could otherwise have been used in cyber-attacks.

Specially crafted applications could exploit this flaw to bypass Gatekeeper, which could then be leveraged to deliver malware. The security flaw was named Achilles and was assigned the identifier CVE-2022-42821.

On December 13, 2017, Apple issued the update that fixed the bug and made it available to all macOS users on the following versions:

  • macOS 13 (Ventura)
  • macOS 12.6.2 (Monterey)
  • macOS 1.7.2 (Big Sur)

Flaw profile

  • CVE ID: CVE-2022-42821
  • Description: It’s a logic issue.
  • CVSS Score: 5.5
  • Severity: MEDIUM

Gatekeeper Security Bypassing

Gatekeeper inspects applications downloaded from the web onto a macOS computer. If it determines that the application is malicious software, it displays a warning stating that the application will not run, while still giving you the option to allow the installation.


macOS users have long regarded Gatekeeper as an efficient and highly effective defense against malware.

Despite that bulletproof reputation, Gatekeeper has proven vulnerable to a number of bypass techniques over time.

The extended attribute named com.apple.quarantine is set by all modern browsers on files they download, much like the Mark of the Web on Windows. This attribute marks a downloaded file as quarantined, so that Gatekeeper checks it before it is allowed to run.

The Achilles weakness is a logic error in how macOS handles Access Control Lists (ACLs): a crafted payload can use it to set restrictive ACL permissions on files it places on the target system.

As a result, a browser or other internet downloader that fetches such a payload packaged as a ZIP archive is unable to set the com.apple.quarantine attribute on the extracted files.

When the archive contains a malicious payload, that payload is therefore launched on the target's computer without being quarantined. In this way, attackers can download and run malware instead of being stopped by Gatekeeper.
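Because Gatekeeper only evaluates files that carry com.apple.quarantine, a practical defensive check after extracting a download is to audit the extracted files for that attribute and for unexpected deny ACL entries. The script below is an added example written for this article; it is not Microsoft's or Apple's code. It works on an inventory of file paths and their extended attributes (on a real Mac you would collect these with `xattr -l` and `ls -le`); the inventory here is constructed inline, the quarantine value format `flags;hex-timestamp;agent;uuid` is the one macOS writes, and the use of the com.apple.acl.text attribute name as the carrier of ACL text is an assumption about archive metadata, not something stated on this page.

```python
"""Audit extracted files for a missing com.apple.quarantine attribute.

Added example for the Achilles (CVE-2022-42821) write-up. Gatekeeper only
checks files that carry com.apple.quarantine, so a file that reaches disk
without it is never evaluated. The inventory below is constructed sample
data standing in for `xattr -l` output; the ACL attribute name and ACL text
are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

QUARANTINE_XATTR = "com.apple.quarantine"
ACL_XATTR = "com.apple.acl.text"  # assumed: xattr carrying ACL text in archive metadata


@dataclass
class Quarantine:
    flags: int            # raw flag bits, kept as-is (not decoded here)
    timestamp: datetime   # when the download agent set the attribute (UTC)
    agent: str            # downloading application, e.g. "Safari"
    uuid: Optional[str]   # LaunchServices quarantine event id, if present


def parse_quarantine(value: str) -> Quarantine:
    """Parse a 'flags;hex-timestamp;agent;uuid' com.apple.quarantine value."""
    parts = value.split(";")
    if len(parts) < 3:
        raise ValueError(f"malformed quarantine value: {value!r}")
    flags = int(parts[0], 16)
    ts = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    agent = parts[2]
    uuid = parts[3] if len(parts) > 3 and parts[3] else None
    return Quarantine(flags, ts, agent, uuid)


def audit(inventory: Dict[str, Dict[str, str]]) -> List[str]:
    """Return one finding per file Gatekeeper would skip or that carries a deny ACL.

    inventory maps a file path to its extended attributes (name -> value).
    """
    findings: List[str] = []
    for path, xattrs in sorted(inventory.items()):
        if QUARANTINE_XATTR not in xattrs:
            findings.append(f"{path}: missing {QUARANTINE_XATTR} (Gatekeeper will not evaluate it)")
        else:
            # Make sure the value is well-formed; a garbled value is worth a look too.
            try:
                parse_quarantine(xattrs[QUARANTINE_XATTR])
            except ValueError as exc:
                findings.append(f"{path}: {exc}")
        acl = xattrs.get(ACL_XATTR, "")
        if "deny" in acl:
            findings.append(f"{path}: carries a deny ACL entry ({acl.strip()!r})")
    return findings


# Constructed sample inventory: a clean download and one extracted binary that
# arrived without the quarantine attribute and with a restrictive ACL.
SAMPLE_INVENTORY: Dict[str, Dict[str, str]] = {
    "Downloads/app.zip": {
        QUARANTINE_XATTR: "0083;63a0c0d5;Safari;1D0E5F3A-0000-4000-8000-000000000000",
    },
    "Downloads/app/Good.app/Contents/MacOS/Good": {
        QUARANTINE_XATTR: "0083;63a0c0d5;Safari;1D0E5F3A-0000-4000-8000-000000000000",
    },
    "Downloads/app/Bad.app/Contents/MacOS/Bad": {
        # Illustrative ACL text (constructed); no quarantine attribute at all.
        ACL_XATTR: "!#acl 1\ngroup:everyone deny writeextattr\n",
    },
}


if __name__ == "__main__":
    for line in audit(SAMPLE_INVENTORY):
        print(line)
```

On a real system the inventory would be built by walking the extracted directory and running `xattr -l` on each file; the audit logic itself does not change. Any file that is missing the attribute, or that carries an ACL denying attribute writes, is the one to treat as untrusted and inspect by hand.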

Gatekeeper Bypass Vulnerabilities

Several Gatekeeper bypass vulnerabilities have been uncovered in recent years, grouped here by the part of the mechanism they affect:

  • CVE-2022-22616: Assignment of the quarantine attribute.
  • CVE-2021-1810: Assignment of the quarantine attribute.
  • CVE-2021-30657: Component(s) that enforce policy checks.
  • CVE-2021-30853: Component(s) that enforce policy checks.
  • CVE-2019-8656: Assignment of the quarantine attribute.
  • CVE-2014-8826: Component(s) that enforce policy checks.

New risks and vulnerabilities appear constantly in the threat landscape, and unpatched vulnerabilities and misconfigurations give a malicious actor access to a computer system's data and services.

Fake applications remain a major vector for unauthorized access to macOS systems. As sophisticated attacks continue to evolve, Gatekeeper bypass techniques are becoming increasingly popular with attackers, who now regard them as a necessity.

This case illustrates the benefits of responsible vulnerability disclosure and cooperation across platforms: issues of many kinds get addressed effectively, protecting users from present and future threats.
