Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Powered by MOMENTUM MEDIA
Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Explore

SECTIONS

MORE

search button

Microsoft uncovers Apple macOS Gatekeeper vulnerability

The Microsoft Security team recently announced it has uncovered and shared with Apple an important vulnerability in its Gatekeeper security technology.

user icon David Hollingworth
Wed, 28 Dec 2022 Security
Microsoft uncovers Apple macOS Gatekeeper vulnerability
expand image

Amusingly dubbed “Achilles” by the Microsoft researchers, the vulnerability allows malicious actors to bypass Gatekeeper entirely and is considered a significant threat to Mac security.

Gatekeeper, first introduced in macOS in 2012, quarantines and then verifies any downloaded software. It’s based upon Apple’s older File Quarantine feature, which was itself released in MacOS X 10.5 Leopard in 2007.

While studying previous vulnerabilities in Gatekeeper, Microsoft researchers were able to find a new way to bypass the feature. Researchers used macOS’ Access Control Lists feature to lock down what a program could do with a file, including setting the com.apple.quarantine extended attribute assignment.

============
============

Using this exploit, Microsoft researchers were able to do the following in a proof of concept:

  1. Create a fake directory structure, including an arbitrary icon and payload.
  2. Create an AppleDouble file with the com.apple.acl.text extended attribute key and a value that represents a restrictive ACL.
  3. Create an archive with the application alongside its AppleDouble file and host it on a web server.

Jonathan Bar Or of the Microsoft 365 Defender Research Team said on the Microsoft Security blog that the vulnerability shows the importance of continuing research and sharing findings between companies in the space.

“Our data shows that fake apps remain one of the top entry vectors on macOS, indicating Gatekeeper bypass techniques are an attractive and even a necessary capability for adversaries to leverage in attacks,” Or said. “Nonetheless, through research-driven protections and collaboration with customers, partners, and industry experts, we strive to enrich our protection technologies to defend against such issues — regardless of the platform or device in use.

“This case also emphasised the need for responsible vulnerability disclosures and expert cross-platform collaboration to effectively mitigate issues, protecting users against present and future threats. We wish to again thank the Apple product security team for their efforts and responsiveness in addressing the issue.”

Once researchers had confirmed their proof of concept, it was shared with Apple, and the vulnerability has been addressed in macOS Big Sur 11.7.2, macOS Monterey 12.6.2, and macOS Ventura 13.

Cyber Daily logo
VIEW ALL
David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.
CD Logo

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

Be the first to hear the latest developments in the cyber industry.

Copyright © 2007-2024 MOMENTUMMEDIA
Copyright & DisclaimersPrivacy PolicyTerms & Conditions
momentummedia media
most innovative companies awards

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

CATEGORIES

STAY CONNECTED

Copyright © 2024 MOMENTUMMEDIA