Security News > 2022 > December > Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems

Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems
2022-12-20 05:52

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications.

The shortcoming, dubbed Achilles, was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic issue that could be weaponized by an app to circumvent Gatekeeper checks.

Gatekeeper is a security mechanism designed to ensure that only trusted apps run on the operating system.

Thus when an unsuspecting user downloads a potentially harmful app that impersonates a piece of legitimate software, the Gatekeeper feature prevents the apps from being run as it's not validly signed and notarized by Apple.

Given the crucial role played by Gatekeeper in macOS, it's hard not to imagine the consequences of sidestepping the security barrier, which could effectively permit threat actors to deploy malware on the machines.

"Fake apps remain one of the top entry vectors on macOS, indicating Gatekeeper bypass techniques are an attractive and even a necessary capability for adversaries to leverage in attacks," Bar Or said.


News URL

https://thehackernews.com/2022/12/microsoft-details-gatekeeper-bypass.html

Related vendor