Microsoft has revealed it discovered a major vulnerability in Apple’s macOS which could have allowed threat actors to bypass the operating system’s security protocols and run all kinds of malware on vulnerable endpoints.
The vulnerability has since been shared with Apple and subsequently patched.
In a blog post (opens in new tab) detailing the findings, Microsoft said that in late July its researchers discovered a way to bypass the Gatekeeper security mechanism and run untrusted apps on the target device. Gatekeeper is a security feature that enforces code signing and verifies downloaded applications before they are allowed to run.
Apple fixes the issue
Given Apple’s reliance on Gatekeeper to safeguard macOS users, Microsoft has dubbed the vulnerability “Achilles”. It notified the company of its findings through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR), and Apple “quickly” released a patch to all of the macOS versions.
Achilles is now being tracked as CVE-2022-42821, and is described on the CVE.mitre.org site as a “logic issue” that was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, and macOS Ventura 13, the site says.
Microsoft also said the vulnerability can’t be eliminated with the use of Apple’s Lockdown Mode, suggesting that applying the patch is the only way forward. Lockdown Mode, introduced in macOS Ventura, is an optional protection feature for high-risk users, designed to stop zero-click remote code execution exploits. Therefore, Microsoft says, it does not defend against Achilles.
“End-users should apply the fix regardless of their Lockdown Mode status,” the announcement reads.
Gatekeeper may be a pivotal part of securing the macOS environment, but it’s not without its flaws, Microsoft said. Apparently, fake apps are one of the most popular attack vectors in the Apple ecosystem, suggesting that Gatekeeper bypass techniques are an “attractive and even necessary capability” for attackers.