
Addressed macOS vulnerability enables malware evasion of security checks

BleepingComputer reports that threat actors could exploit a macOS vulnerability to distribute malware that evades Gatekeeper's application execution restrictions without being detected. The flaw, dubbed Achilles and tracked as CVE-2022-42821, has already been addressed by Apple in macOS 13, 12.6.2, and 11.7.2. Microsoft Principal Security Researcher Jonathan Bar Or, who discovered and reported Achilles, found that it lets malicious payloads exploit a logic issue through restrictive Access Control Lists to evade the Gatekeeper security feature. "Apple's Lockdown Mode, introduced in macOS Ventura as an optional protection feature for high-risk users that might be personally targeted by a sophisticated cyberattack, is aimed to stop zero-click remote code execution exploits, and therefore does not defend against Achilles. End-users should apply the fix regardless of their Lockdown Mode status," said the Microsoft Security Threat Intelligence team. Vulnerabilities bypassing Gatekeeper have been identified previously, including the Shrootless flaw, also reported by Bar Or, which enables System Integrity Protection evasion to facilitate arbitrary operation execution and rootkit installation.
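For patch verification, the following added example (not from the article or from Apple) classifies a macOS version string against the fixed releases named above. The function names are hypothetical; it assumes every release from macOS 13 onward carries the fix and reports releases older than macOS 11, which the article does not mention, as `unknown`.

```shell
#!/bin/sh
# Added example: compare a macOS version with the releases the article lists
# as fixed for CVE-2022-42821 (macOS 13, 12.6.2, 11.7.2).

# version_ge A B: succeed if dotted version A >= B (missing fields count as 0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# achilles_status VERSION: print patched, vulnerable, or unknown.
achilles_status() {
    v=$1
    # Reject anything that is not a plain dotted number (empty, letters, "1..2").
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return ;;
    esac
    major=${v%%.*}
    case $major in
        11) min=11.7.2 ;;
        12) min=12.6.2 ;;
        *)
            # Assumption: macOS 13 and every later major release include the fix.
            # Releases before 11 are not covered by the article.
            if [ "$major" -ge 13 ]; then echo patched; else echo unknown; fi
            return ;;
    esac
    if version_ge "$v" "$min"; then echo patched; else echo vulnerable; fi
}

# On a Mac, report the status of the running system.
if command -v sw_vers >/dev/null 2>&1; then
    echo "CVE-2022-42821: $(achilles_status "$(sw_vers -productVersion)")"
fi
```

The same function can be fed version strings exported from a device inventory to list hosts still below the fixed releases.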
