Microsoft: Achilles macOS bug lets hackers bypass Gatekeeper
2022-12-19 19:37

Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions.

Apple addressed the bug in macOS 13, macOS 12.6.2, and macOS 1.7.2 one week ago, on December 13.

Gatekeeper is a macOS security feature that automatically checks whether apps downloaded from the Internet are notarized and developer-signed, either asking the user to confirm before launching or issuing an alert that the app cannot be trusted.

Microsoft said on Monday that "Apple's Lockdown Mode, introduced in macOS Ventura as an optional protection feature for high-risk users that might be personally targeted by a sophisticated cyberattack, is aimed to stop zero-click remote code execution exploits, and therefore does not defend against Achilles."

This is just one of multiple Gatekeeper bypasses found in the last several years, with many of them abused in the wild by attackers to circumvent macOS security mechanisms like Gatekeeper, File Quarantine, and System Integrity Protection on fully patched Macs.

Shlayer's creators had also managed to get their payloads through Apple's automated notarizing process and used a years-old technique to escalate privileges and disable macOS' Gatekeeper to run unsigned payloads.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-achilles-macos-bug-lets-hackers-bypass-gatekeeper/