Microsoft Spots macOS Vulnerability That Lets Malware Bypass Security Checks

Microsoft Spots macOS Vulnerability That Lets Malware Bypass Security Checks

Jonathan Bar Or, Microsoft’s principal security researcher, located the flaw back in July and immediately shared it with Apple via the company’s Security Vulnerability Research (MSVR) program. Nicknamed “Achilles,” the vulnerability left room for skilled attackers to skip Gatekeeper’s application execution restrictions. Not only could bad actors use Achilles to “get a foot in the door” before launching a larger attack, but they could exploit the vulnerability in such a way that boosted the impact of larger macOS malware campaigns.

Gatekeeper typically allows only trusted applications to run on macOS devices. It does this by checking downloaded software for an attribute titled “com.apple.quarantine,” which is only assigned to Apple-verified files. Achilles, however, permitted custom malicious payloads to bypass Gatekeeper’s checks by exploiting restrictive Access Control Lists (ACLs) that prohibit Safari, Apple’s web browser, from setting the com.apple.quarantine attribute on archived ZIP files. This allowed malicious apps “hidden” inside an archived payload to launch on the victim’s macOS device.

Microsoft Spots macOS Vulnerability That Lets Malware Bypass Security Checks

“Due to its essential role in stopping malware on macOS, Gatekeeper is a helpful and effective security feature,” Microsoft’s Achilles writeup reads. “However, considering there have been numerous bypass techniques targeting the security feature in the past, Gatekeeper is not bulletproof. Gaining the ability to bypass Gatekeeper has dire implications as sometimes malware authors leverage those techniques for initial access.”

Bar Or has since logged Achilles on the Common Vulnerabilities and Exposures (CVE) list. Apple has also patched the vulnerability via macOS versions Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, the last two of which became available last week. Microsoft’s Security Threat Intelligence team recommends that all macOS users should apply the patch, even if they utilize Apple’s Lockdown Mode (which is said to protect users in need of heightened personal security). Lockdown Mode is meant to prevent attacks involving zero-click remote code execution, meaning it doesn’t protect against a vulnerability like Achilles.

Continue reading

SteelSeries Peripherals Can Bypass Windows Security, Too
SteelSeries Peripherals Can Bypass Windows Security, Too

Windows users around the world were looking warily at their Razer peripherals earlier this week. That's when a security researcher noted the devices could be used to gain administrator privileges on Windows, and it turns out Razer is not alone. The same vulnerability exists in the SteelSeries ecosystem.

Nvidia Hackers Selling Cryptocurrency Mining Bypass
Nvidia Hackers Selling Cryptocurrency Mining Bypass

Nvidia spent the weekend going back-and-forth with a nefarious hacking group, which is apparently attempting to bypass its LHR technology used to combat crypto mining.

Russia Looks at Legalizing Software Piracy to Bypass Sanctions
Russia Looks at Legalizing Software Piracy to Bypass Sanctions

Why comply with sanctions when you can encourage your citizens to bypass them?

Netflix Experiments With Bypassing Apple App Store Subscription Fees
Netflix Experiments With Bypassing Apple App Store Subscription Fees

Netflix is the latest company to test a model for avoiding the fees associated with App Store distribution, but it's far from alone.