Microsoft Spots macOS Vulnerability That Lets Malware Bypass Security Checks

Microsoft Spots macOS Vulnerability That Lets Malware Bypass Security Checks

Jonathan Bar Or, Microsoft’s principal security researcher, located the flaw back in July and immediately shared it with Apple via the company’s Security Vulnerability Research (MSVR) program. Nicknamed “Achilles,” the vulnerability left room for skilled attackers to skip Gatekeeper’s application execution restrictions. Not only could bad actors use Achilles to “get a foot in the door” before launching a larger attack, but they could exploit the vulnerability in such a way that boosted the impact of larger macOS malware campaigns.

Gatekeeper typically allows only trusted applications to run on macOS devices. It does this by checking downloaded software for an attribute titled “com.apple.quarantine,” which is only assigned to Apple-verified files. Achilles, however, permitted custom malicious payloads to bypass Gatekeeper’s checks by exploiting restrictive Access Control Lists (ACLs) that prohibit Safari, Apple’s web browser, from setting the com.apple.quarantine attribute on archived ZIP files. This allowed malicious apps “hidden” inside an archived payload to launch on the victim’s macOS device.

Microsoft Spots macOS Vulnerability That Lets Malware Bypass Security Checks

“Due to its essential role in stopping malware on macOS, Gatekeeper is a helpful and effective security feature,” Microsoft’s Achilles writeup reads. “However, considering there have been numerous bypass techniques targeting the security feature in the past, Gatekeeper is not bulletproof. Gaining the ability to bypass Gatekeeper has dire implications as sometimes malware authors leverage those techniques for initial access.”

Bar Or has since logged Achilles on the Common Vulnerabilities and Exposures (CVE) list. Apple has also patched the vulnerability via macOS versions Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, the last two of which became available last week. Microsoft’s Security Threat Intelligence team recommends that all macOS users should apply the patch, even if they utilize Apple’s Lockdown Mode (which is said to protect users in need of heightened personal security). Lockdown Mode is meant to prevent attacks involving zero-click remote code execution, meaning it doesn’t protect against a vulnerability like Achilles.

Continue reading

Microsoft ‘Clarifies’ Windows 11 Requirements, Pulls PC Health Check App
Microsoft ‘Clarifies’ Windows 11 Requirements, Pulls PC Health Check App

Microsoft has published a new blog post hoping to clear up confusion on which systems are and are not supported in Windows 11. It helps — a little.

Microsoft Is Pushing the PC Health Check App to Windows 10 Machines
Microsoft Is Pushing the PC Health Check App to Windows 10 Machines

Don't want it? Tough, you're getting the Microsoft PC Health Check app regardless of whether or not you've expressed interest in Windows 11.

Delaware Farmers Use Underwear to Check Soil Health
Delaware Farmers Use Underwear to Check Soil Health

That hole-y pair of undies at the bottom of your drawer might gain a second life in the garden.

Amazon to Expand its Palm-Print Checkout System to Whole Foods Stores
Amazon to Expand its Palm-Print Checkout System to Whole Foods Stores

Amazon is expanding the rollout of its touchless, palm-based identification system known as Amazon One.