Microsoft uncovers macOS flaw that could let malware run riot

Apple says it has patched all macOS versions


Microsoft has revealed it discovered a major vulnerability in Apple’s macOS which could have allowed threat actors to bypass the operating system’s security protocols and run all kinds of malware on vulnerable endpoints.

The vulnerability has since been shared with Apple and subsequently patched.

In a blog post detailing the findings, Microsoft said that in late July its researchers discovered a way to bypass the Gatekeeper security mechanism and run untrusted apps on the target device. Gatekeeper is a security feature that enforces code signing and verifies downloaded applications before they are allowed to run.

Apple fixes the issue

Given Apple’s reliance on Gatekeeper to safeguard macOS users, Microsoft has dubbed the vulnerability “Achilles”. It notified the company of its findings through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR), and Apple “quickly” released a patch for all macOS versions.

Achilles is now being tracked as CVE-2022-42821, and is described on the CVE.mitre.org site as a “logic issue” that was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, and macOS Ventura 13, the site says.


Microsoft also said that Apple’s Lockdown Mode does not mitigate the vulnerability, suggesting that applying the patch is the only way forward. Lockdown Mode, introduced in macOS Ventura, is an optional protection feature for high-risk users, designed to stop zero-click remote code execution exploits. Therefore, Microsoft says, it does not defend against Achilles.

“End-users should apply the fix regardless of their Lockdown Mode status,” the announcement reads.


Gatekeeper may be a pivotal part of securing the macOS environment, but it’s not without its flaws, Microsoft said. Apparently, fake apps are one of the most popular attack vectors in the Apple ecosystem, suggesting that Gatekeeper bypass techniques are an “attractive and even necessary capability” for attackers.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
