Security News > 2022 > December > Microsoft reports macOS Gatekeeper has an 'Achilles' heel

Security researchers at Microsoft have discovered a bug in macOS that lets malicious apps bypass Apple's Gatekeeper security software "For initial access by malware and other threats."

Gatekeeper has been a part of macOS for a decade and is used to validate that apps are signed and notarized before allowing them to be launched.

With Achilles Microsoft's proof of concept was able to take advantage of how macOS deploys access control lists to completely bypass Gatekeeper.

Infections with macOS are often the result of users running malicious apps, Microsoft principal security researcher Jonathan Bar Or wrote in the company's report on the bug.

"Our data shows that fake apps remain one of the top entry vectors on macOS, indicating Gatekeeper bypass techniques are an attractive and even a necessary capability for adversaries to leverage in attacks," Bar Or wrote.

Sneaking malicious code in through a compromised binary is not one of Lockdown Mode's features, though Apple said it plans to add features over time - hopefully a stronger Gatekeeper makes the cut.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/20/macos_gatekeeper_flaw_microsoft/