The Cyber Security News


Details Released for Recently Patched New macOS Archive Utility Vulnerability

October 6, 2022

Security researchers have shared details about a now-addressed security flaw in Apple’s macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple’s security measures.

The vulnerability, tracked as CVE-2022-32910, is rooted in the built-in Archive Utility and “could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive,” Apple device management firm Jamf said in an analysis.

Following responsible disclosure on May 31, 2022, Apple addressed the issue as part of macOS Big Sur 11.6.8 and Monterey 12.5 released on July 20, 2022. The tech giant, for its part, also revised the previously issued advisories as of October 4 to add an entry for the flaw.

Apple described the bug as a logic issue that could allow an archive file to get around Gatekeeper checks, which are designed to ensure that only trusted software runs on the operating system.

The security technology achieves this by verifying that the downloaded package is from a legitimate developer and has been notarized by Apple – i.e., given a stamp of approval to ensure it has not been maliciously tampered with.

“Gatekeeper also requests user approval before opening downloaded software for the first time to make sure the user hasn’t been tricked into running executable code they believed to simply be a data file,” Apple notes in its support documentation.

It’s also worth noting that archive files downloaded from the internet are tagged with the “com.apple.quarantine” extended attribute, including the items within the file, so as to trigger a Gatekeeper check prior to execution.

But in a peculiar quirk discovered by Jamf, the Archive Utility fails to add the quarantine attribute to a folder “when extracting an archive that contains two or more data files or folders in its root directory.”

Thus, creating an archive file with the extension “exploit.app.zip” leads to a scenario where unarchiving results in the creation of a folder titled “exploit.app,” while also lacking the quarantine attribute.

This application “will bypass all Gatekeeper checks making it possible for an unnotarized and/or unsigned binary to execute,” Jamf researcher Ferdous Saljooki, who discovered the flaw, said. Apple said it fixed the vulnerability with improved checks.
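For triage on hosts not yet on the fixed releases, the archive shape described above can be checked before a download or attachment is opened. The following is an added example, not code from Jamf, Apple or this article; the function names, the sample archives and the decision to skip the `__MACOSX` metadata folder are assumptions.

```python
import io
import zipfile

# Assumption: the __MACOSX metadata folder that macOS zip tools add is not
# counted as a root item when applying the "two or more" condition.
IGNORED_ROOTS = {"__MACOSX"}


def root_items(zf):
    """Return the distinct top-level names inside an open ZipFile."""
    roots = set()
    for name in zf.namelist():
        first = name.replace("\\", "/").lstrip("/").split("/", 1)[0]
        if first and first not in IGNORED_ROOTS:
            roots.add(first)
    return roots


def matches_reported_shape(filename, data):
    """True when an archive has the shape the article describes: a name
    ending in .app.zip and two or more files or folders in its root."""
    if not filename.lower().endswith(".app.zip"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return len(root_items(zf)) >= 2
    except zipfile.BadZipFile:
        return False  # not a readable zip; route to other handling


def build_zip(names):
    """Constructed sample input: an in-memory zip with empty members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {  # constructed archives, not real samples
        "exploit.app.zip": ["Contents/MacOS/run", "Contents/Info.plist", "readme.txt"],
        "Tool.app.zip": ["Tool.app/Contents/MacOS/tool", "__MACOSX/Tool.app/._tool"],
        "photos.zip": ["a.jpg", "b.jpg"],
    }
    for fname, members in samples.items():
        print(fname, matches_reported_shape(fname, build_zip(members)))
```

A match is a reason to hold the file for review, not proof of malice; the durable fix is updating to macOS Big Sur 11.6.8 or Monterey 12.5.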

The findings come more than 6 months after Apple addressed another similar flaw in macOS Catalina, Big Sur 11.6.5, and Monterey 12.3 (CVE-2022-22616) that could allow a malicious ZIP archive to bypass Gatekeeper checks.


Some parts of this article are sourced from:
thehackernews.com
