Microsoft Finds Achilles Heel In MacOS Gatekeeper System
Microsoft has informed the competitor of a serious security problem in its macOS operating system . This turned out to be a real Achilles’ heel in the protection architecture, which also provided the name of the bug.
However, the official name of the problem in the security databases is CVE-2022-42821. Via the bug, it is possible to bypass the Gatekeeper system in macOS. Apple calls the gatekeeper the mechanism used to ensure that foreign code from untrustworthy sources cannot be executed.
However, according to Microsoft’s analyses, this protection mechanism can be circumvented. This would of course be an important point at which malware could start in order to be able to smuggle malicious code onto a Mac, which significantly increases the chance of success for cybercrime campaigns, explains the Microsoft Security Threat Intelligence team.
Requires Immediate patch
Microsoft’s security researchers acknowledged that with Gatekeeper, Apple has actually developed a very effective system that can be used to keep threats away. However, one must also note that this protection is ultimate “not bulletproof”.
Gatekeeper works in such a way that a code downloaded from the network is first given a quarantine mark. However, manipulations of the Access Control List (ACL) could be used to prevent this attribute allocation. As a result, the code is no longer classified correctly and can be executed.
The Microsoft experts have sent their findings to Apple and the macOS manufacturer has already been able to react. Users are strongly advised to install the latest system updates to close the vulnerability. The security researchers pointed out that the new lockdown mode that Apple has introduced for users with special security requirements does not protect against the problem and patches should be installed quickly.
Research Snipers is currently covering all technology news including Google, Apple, Android, Xiaomi, Huawei, Samsung News, and More. Research Snipers has decade of experience in breaking technology news, covering latest trends in tech news, and recent developments.