BleepingComputer reports that threat actors could exploit a macOS vulnerability to distribute malware that bypasses Gatekeeper's application execution restrictions without being detected.
The flaw, dubbed Achilles and tracked as CVE-2022-42821, has already been addressed by Apple in macOS 13, 12.6.2, and 11.7.2.
Microsoft Principal Security Researcher Jonathan Bar Or, who discovered and reported Achilles, found that it allows malicious payloads to exploit a logic issue by setting restrictive Access Control Lists, evading the Gatekeeper security feature.
"Apple's Lockdown Mode, introduced in macOS Ventura as an optional protection feature for high-risk users that might be personally targeted by a sophisticated cyberattack, is aimed to stop zero-click remote code execution exploits, and therefore does not defend against Achilles. End-users should apply the fix regardless of their Lockdown Mode status," said the Microsoft Security Threat Intelligence team.
Vulnerabilities bypassing Gatekeeper have been previously identified, including the Shrootless flaw, also reported by Bar Or, which enables System Integrity Protection evasion to facilitate arbitrary operation execution and rootkit installation.