Apple has fixed a vulnerability in macOS that could have allowed attackers to bypass the software restrictions imposed by the tech giant’s Gatekeeper system.
The vulnerability, tracked as CVE-2022-42821 and dubbed ‘Achilles’, was first uncovered by researchers at Microsoft and shared with Apple through the Coordinated Vulnerability Disclosure (CVD) system.
Microsoft said the Achilles flaw could have enabled hackers to gain access to operating systems and download or deploy malware on Mac devices.
Apple confirmed it patched the bug on 13 December in its raft of security updates for macOS 13, macOS 12.6.2 and macOS 1.7.2.
Achilles exploited Apple’s Gatekeeper security system used on Macs, which is responsible for checking downloaded apps to make sure they are genuine. It works by requiring the user to approve or authorise the launch of an app that may have been flagged by the mechanism.
Apple’s Gatekeeper system operates in a similar fashion to Microsoft’s own Mark of the Web (MOTW) protocols.
“When downloading apps from a browser, like Safari, the browser assigns a special extended attribute to the downloaded file,” researchers explained.
“That attribute is named com.apple.quarantine and is later used to enforce policies such as Gatekeeper or certain mitigations that prevent sandbox escapes.”
Microsoft said the Achilles flaw would allow attackers to leverage specially crafted payloads to abuse Access Control Lists (ACLs), a mechanism in macOS that provides additional protection on top of the standard permission model.
If exploited, the flaw meant that a malicious application downloaded by a user would launch on their system instead of being blocked by Gatekeeper.
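Because Gatekeeper's checks key off the quarantine attribute described above, a defender can audit downloaded files for entries where that attribute is absent or unreadable. The following is an added example, not code from Microsoft or Apple; it assumes the attribute value has the layout `flags;timestamp;agent;event-id` with the first two fields in hex (a layout the article does not state), and the xattr listing is constructed sample data:

```python
from datetime import datetime, timezone

QUARANTINE_XATTR = "com.apple.quarantine"

def parse_quarantine(value):
    """Parse 'flags;timestamp;agent;event-id' (assumed layout, hex flags and time)."""
    fields = value.strip().split(";")
    if len(fields) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags = int(fields[0], 16)  # raises ValueError on non-hex input
    stamp = None
    if fields[1]:  # the timestamp field may be empty
        stamp = datetime.fromtimestamp(int(fields[1], 16), tz=timezone.utc)
    return {
        "flags": flags,
        "downloaded": stamp,
        "agent": fields[2],
        "event_id": fields[3] if len(fields) > 3 and fields[3] else None,
    }

def audit_downloads(xattrs_by_path):
    """Return (path, reason) for files Gatekeeper would not see as quarantined."""
    findings = []
    for path, xattrs in sorted(xattrs_by_path.items()):
        raw = xattrs.get(QUARANTINE_XATTR)
        if raw is None:
            findings.append((path, "missing quarantine attribute"))
            continue
        try:
            parse_quarantine(raw)
        except ValueError:
            findings.append((path, "malformed quarantine attribute"))
    return findings

# Constructed sample: extended attributes as collected from a Downloads folder.
SAMPLE = {
    "/Users/alice/Downloads/report.dmg": {
        QUARANTINE_XATTR: "0083;63989f00;Safari;11111111-2222-3333-4444-555555555555",
    },
    "/Users/alice/Downloads/tool.app": {"com.apple.metadata:kMDItemWhereFroms": "..."},
    "/Users/alice/Downloads/setup.pkg": {QUARANTINE_XATTR: "zz;bad"},
}

if __name__ == "__main__":
    for path, reason in audit_downloads(SAMPLE):
        print(f"{path}: {reason}")
```
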
Apple introduced Lockdown Mode in macOS Ventura to mitigate the risk of zero-click remote code execution (RCE) exploits. However, researchers said that this optional feature for high-risk users would not defend against Achilles.
“End-users should apply the fix regardless of their Lockdown Mode status,” said Jonathan Bar Or of the Microsoft 365 Defender Research Team.
Gatekeeper vulnerabilities
Bar Or said that although Gatekeeper is “essential” in spotting malware on macOS, there have been many historic examples of flaws which enabled attackers to bypass it.
“Gatekeeper is not bulletproof,” he said. “Gaining the ability to bypass Gatekeeper has dire implications as in some cases malware authors leverage those techniques for initial access.”
Security researchers at Microsoft previously uncovered the Shrootless flaw in 2021, which enabled hackers to bypass the System Integrity Protection (SIP) feature and execute malicious code.
Similarly, in April 2021 Apple issued a fix for a critical zero-day vulnerability in macOS which allowed the group behind the Shlayer malware to bypass Apple Gatekeeper, File Quarantine, and Notarisation protocols.
Apple introduced its Notarisation process in February 2020 to counter growing threats to macOS. However, research by a university student revealed that the Shlayer adware slipped past the protocol.
Bar Or noted that the research highlights the critical role that collaborative research plays in bolstering security capabilities across platforms and the broader industry landscape.
“As environments continue to rely on a diverse range of devices and operating systems, organisations need security solutions that can provide protection across platforms and a complete picture of their security posture,” he said.
“This case also emphasised the need for responsible vulnerability disclosures and expert, cross-platform collaboration to effectively mitigate issues, protecting users from present and future threats.”
Some parts of this article are sourced from:
www.itpro.co.uk