
Microsoft Reveals macOS Vulnerability That Bypasses Gatekeeper and Lockdown Mode to Run Malware

Microsoft has disclosed a macOS vulnerability that lets an attacker bypass Gatekeeper to run malware, and that Apple's Lockdown Mode does not stop. The bug, dubbed “Achilles” by Microsoft and tracked by Apple as CVE-2022-42821, was found in July 2022 and reported to Apple, which patched it in December 2022.

In a blog post, Jonathan Bar Or of the Microsoft 365 Defender Research Team said that “Microsoft discovered a vulnerability in macOS that can allow attackers to bypass application execution restrictions imposed by Apple’s Gatekeeper security mechanism, designed to ensure only trusted apps run on Mac devices.”

“We developed a proof-of-concept exploit to demonstrate the vulnerability, which we call ‘Achilles’,” he continued. “Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS.”

The Redmond firm warns that Apple’s new Lockdown Mode would not have prevented such an attack.

“We note that Apple’s Lockdown Mode, introduced in macOS Ventura as an optional protection feature for high-risk users that might be personally targeted by a sophisticated cyberattack is aimed to stop zero-click remote code execution exploits, and therefore does not defend against Achilles,” said Microsoft in the post.

“End-users should apply the fix regardless of their Lockdown Mode status,” concludes Microsoft. “We thank Apple for the collaboration in addressing this issue.”

Apple’s Gatekeeper is the macOS mechanism that checks an app’s code signature and notarization before it runs, and warns or blocks when a user launches an app that was not installed from the App Store, is “from an unidentified developer,” or is “from the internet” (that is, still carries the com.apple.quarantine extended attribute that a browser or other download agent attaches to the file).
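Two checks a practitioner would want after reading this: whether the running macOS build already carries Apple's fix, and whether a downloaded app is actually in the quarantined state that Gatekeeper assesses. The script below is an added example, not code from Microsoft's post or from AppleInsider. The fixed version numbers (Ventura 13, Monterey 12.6.2, Big Sur 11.7.2) are my recollection of Apple's advisory and are an assumption to confirm against Apple's security-updates page; `xattr` and `spctl` exist only on macOS, so that part runs nowhere else.

```shell
#!/bin/sh
# Added example (not from the original article). Fixed builds below are an
# assumption from memory of Apple's advisory for CVE-2022-42821; verify them.

# vercmp_ge A B -> exit 0 if dotted version A >= B, comparing field by field.
vercmp_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}; bx=${b%%.*}
        [ "$ax" = "$a" ] && a="" || a=${a#*.}
        [ "$bx" = "$b" ] && b="" || b=${b#*.}
        ax=${ax:-0}; bx=${bx:-0}          # missing trailing fields count as 0
        [ "$ax" -gt "$bx" ] && return 0
        [ "$ax" -lt "$bx" ] && return 1
    done
    return 0
}

# is_patched VERSION -> exit 0 if VERSION is at or above the first build that
# carries the fix for its major line; older major lines count as unpatched.
is_patched() {
    v="$1"
    major=${v%%.*}
    case "$major" in
        11) vercmp_ge "$v" 11.7.2 ;;      # Big Sur   (assumed fixed build)
        12) vercmp_ge "$v" 12.6.2 ;;      # Monterey  (assumed fixed build)
        *)  vercmp_ge "$v" 13 ;;          # Ventura 13 and later; 10.x and older fail
    esac
}

# gatekeeper_status PATH -> show the quarantine attribute (if any) and Gatekeeper's
# own verdict for the bundle. macOS only: xattr and spctl do not exist elsewhere.
gatekeeper_status() {
    p="$1"
    if xattr -p com.apple.quarantine "$p" >/dev/null 2>&1; then
        echo "quarantined: $(xattr -p com.apple.quarantine "$p")"
    else
        echo "no com.apple.quarantine attribute: the launch-time Gatekeeper prompt only fires for quarantined items"
    fi
    # Non-zero exit means Gatekeeper would reject the bundle; keep going either way.
    spctl --assess --type execute --verbose "$p" 2>&1 || true
}

if [ "$(uname -s)" = "Darwin" ]; then
    current=$(sw_vers -productVersion)
    if is_patched "$current"; then
        echo "macOS $current: fix for CVE-2022-42821 present (per assumed fixed builds)"
    else
        echo "macOS $current: UPDATE NEEDED"
    fi
    [ -n "$1" ] && gatekeeper_status "$1"
fi
```

Run it as `sh check.sh /Applications/Some.app` on a Mac; on any other OS only the version-comparison functions are exercised. A file that has lost its quarantine attribute is precisely the case where Gatekeeper never gets asked, which is why the second check matters when triaging a suspicious download.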

Lockdown Mode, announced in July 2022 and shipped with iOS 16, iPadOS 16 and macOS Ventura, offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that could be exploited by highly targeted mercenary spyware.

Lockdown Mode is off by default; it can be enabled in the Privacy & Security section of Settings (iOS and iPadOS) or System Settings (macOS), and turned off again at any time in the same place. Enabling or disabling it requires restarting the device and entering the device’s passcode.

(Via AppleInsider)