Security News > 2022 > October > Details Released for Recently Patched new macOS Archive Utility Vulnerability
Security researchers have shared details about a now-addressed security flaw in Apple's macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple's security measures.
The vulnerability, tracked as CVE-2022-32910, is rooted in the built-in Archive Utility and "Could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive," Apple device management firm Jamf said in an analysis.
Following responsible disclosure on May 31, 2022, Apple addressed the issue as part of macOS Big Sur 11.6.8 and Monterey 12.5 released on July 20, 2022.
Apple described the bug as a logic issue that could allow an archive file to get around Gatekeeper checks, which is designed so as to ensure that only trusted software runs on the operating system.
In a peculiar quirk discovered by Jamf, the Archive Utility fails to add the quarantine attribute to a folder "When extracting an archive containing two or more files or folders in its root directory."
The findings come more than six months after Apple addressed another similar flaw in macOS Catalina, Big Sur 11.6.5, and Monterey 12.3 that could allow a malicious ZIP archive to bypass Gatekeeper checks.
News URL
https://thehackernews.com/2022/10/details-released-for-recently-patched.html
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-01 | CVE-2022-32910 | Unspecified vulnerability in Apple mac OS X and Macos A logic issue was addressed with improved checks. | 7.5 |