Gatekeeper has long been regarded by macOS users as an efficient and highly effective defence against malware.
Despite Gatekeeper's bulletproof reputation, it has proven vulnerable to a number of bypass techniques over time.
Web browsers on macOS set an extended attribute named com.apple.quarantine on files they download, much like the Mark of the Web in Windows. This attribute marks a downloaded file as quarantined.
The Achilles vulnerability abuses a logic flaw in how Access Control Lists (ACLs) are handled: a crafted payload can set restrictive ACL permissions on the files it delivers to the system.
As a result, a browser or download tool that extracts the payload from a ZIP archive cannot set the com.apple.quarantine attribute on it.
If the archive contains a malicious payload, that payload can then be launched on the target's computer without inspection. In this way attackers deliver and run malware instead of being stopped by Gatekeeper.
Gatekeeper Bypass Vulnerabilities
Some recent examples of Gatekeeper bypass vulnerabilities, with the part of the mechanism each one affected:
- CVE-2022-22616: Assignment of the quarantine attribute.
- CVE-2021-1810: Assignment of the quarantine attribute.
- CVE-2021-30657: Component(s) that enforce policy checks.
- CVE-2021-30853: Component(s) that enforce policy checks.
- CVE-2019-8656: Assignment of the quarantine attribute.
- CVE-2014-8826: Component(s) that enforce policy checks.
New risks and vulnerabilities appear constantly in the threat environment, and unpatched vulnerabilities and misconfigurations give a malicious actor access to a system and the data on it.
Fake applications remain a major vector for unauthorized access to macOS systems. As advanced attacks continue to evolve, bypass techniques are becoming more popular with attackers, and bad actors increasingly treat them as a necessity.
This example illustrates the benefits of responsible vulnerability disclosure and cooperation across platforms: it lets issues of many kinds be addressed effectively, protecting users from present and future threats.