Microsoft Spots macOS Vulnerability That Lets Malware Bypass Security Checks

Microsoft Spots macOS Vulnerability That Lets Malware Bypass Security Checks

Jonathan Bar Or, Microsoft’s principal security researcher, located the flaw back in July and immediately shared it with Apple via the company’s Security Vulnerability Research (MSVR) program. Nicknamed “Achilles,” the vulnerability left room for skilled attackers to skip Gatekeeper’s application execution restrictions. Not only could bad actors use Achilles to “get a foot in the door” before launching a larger attack, but they could exploit the vulnerability in such a way that boosted the impact of larger macOS malware campaigns.

Gatekeeper typically allows only trusted applications to run on macOS devices. It does this by checking downloaded software for an attribute titled “com.apple.quarantine,” which is only assigned to Apple-verified files. Achilles, however, permitted custom malicious payloads to bypass Gatekeeper’s checks by exploiting restrictive Access Control Lists (ACLs) that prohibit Safari, Apple’s web browser, from setting the com.apple.quarantine attribute on archived ZIP files. This allowed malicious apps “hidden” inside an archived payload to launch on the victim’s macOS device.

Microsoft Spots macOS Vulnerability That Lets Malware Bypass Security Checks

“Due to its essential role in stopping malware on macOS, Gatekeeper is a helpful and effective security feature,” Microsoft’s Achilles writeup reads. “However, considering there have been numerous bypass techniques targeting the security feature in the past, Gatekeeper is not bulletproof. Gaining the ability to bypass Gatekeeper has dire implications as sometimes malware authors leverage those techniques for initial access.”

Bar Or has since logged Achilles on the Common Vulnerabilities and Exposures (CVE) list. Apple has also patched the vulnerability via macOS versions Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, the last two of which became available last week. Microsoft’s Security Threat Intelligence team recommends that all macOS users should apply the patch, even if they utilize Apple’s Lockdown Mode (which is said to protect users in need of heightened personal security). Lockdown Mode is meant to prevent attacks involving zero-click remote code execution, meaning it doesn’t protect against a vulnerability like Achilles.

Continue reading

NASA Created a Collection of Spooky Space Sounds for Halloween
NASA Created a Collection of Spooky Space Sounds for Halloween

NASA's latest data release turns signals from beyond Earth into spooky sounds that are sure to send a chill up your spine.

Astronomers Spot Earth-Sized Rogue Planet Wandering the Galaxy
Astronomers Spot Earth-Sized Rogue Planet Wandering the Galaxy

Astronomers have identified more than 4,000 exoplanets orbiting other stars but just a few "rogue planets" wandering the galaxy without a star to call home. A new study claims to have spotted one of these worlds, and it may be a small, rocky world like Earth.

PS5 Temperature Measurements Reveal Potential Trouble Spot
PS5 Temperature Measurements Reveal Potential Trouble Spot

The PS5's bottom-mounted RAM gets much warmer than the top.

Astronomers Spot Potentially Artificial Radio Signal From Nearby Star
Astronomers Spot Potentially Artificial Radio Signal From Nearby Star

We don't yet know what this signal is, but there's a (very) small chance it could have alien origins.