A Microsoft security team has discovered a vulnerability in macOS that would allow malware to bypass security checks dubbed Achilles. Hackers can employ Achilles to inject malware on macOS hardware via untrusted apps that could bypass Gatekeeper.
Estimated reading time: 2 minutes
The Microsoft security team member who discovered the vulnerability is security researcher Jonathan Bar-Or, and Microsoft has logged Achilles as CVE-2022-42821. Apple has taken care of the issue with security updates to macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 1.7.2 (Big Sur). The updates should have hit user devices on December 13th, so if you have not updated, you are advised to do so to patch the Achilles bug.
macOS Gatekeeper is part of the operating systems security features which checks downloaded apps for notarization and an approved Apple developer signature. The user is then asked to confirm they want to open the application, and in some instances, macOS will warn the user the app cannot be trusted.
According to Bleeping Computer, “the Achilles flaw allows specially-crafted payloads to abuse a logic issue to set restrictive Access Control List (ACL) permissions that block web browsers and Internet downloaders from setting the com.apple.quarantine attribute for downloaded the payload archived as ZIP files. As a result, the malicious app contained within an archived payload launches on the target’s system instead of getting blocked by Gatekeeper, allowing attackers to download and deploy malware.”
It is always essential to update macOS as soon as you see updates show up. Some users may need to wait and ensure the update does not conflict with crucial apps on their systems, but the general rule for regular users is to update when the update drops.
What do you think of Achilles? Please share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network. Be sure to subscribe to our RUMBLE channel as well!
