The Cloud Consultancy Europe Ltd.

Apple has fixed a vulnerability in macOS that could have allowed attackers to bypass the application restrictions enforced by the tech giant’s Gatekeeper mechanism.

The vulnerability, tracked as CVE-2022-42821 and dubbed ‘Achilles’, was first uncovered by researchers at Microsoft and shared with Apple through the Coordinated Vulnerability Disclosure (CVD) system.

Microsoft said the Achilles flaw could have enabled hackers to gain access to operating systems and download or deploy malware on Mac devices.

Apple confirmed it patched the bug on 13 December in its raft of security updates for macOS 13, macOS 12.6.2 and macOS 1.7.2.

Achilles exploited Gatekeeper, the security mechanism on Macs that is responsible for checking downloaded apps to ensure that they are legitimate. Gatekeeper works by requiring the user to confirm or authorise launching an app that might have been flagged by the mechanism.

Apple’s Gatekeeper system operates in a similar fashion to Microsoft’s own Mark of the Web (MOTW) protocols.

“When downloading apps from a browser, like Safari, the browser assigns a special extended attribute to the downloaded file,” researchers explained.

“That attribute is named com.apple.quarantine and is later used to enforce policies such as Gatekeeper or certain mitigations that prevent sandbox escapes.”

Microsoft said the Achilles flaw would allow attackers to leverage targeted payloads to abuse Access Control Lists (ACLs) – a mechanism in macOS that offers additional protection to the standard permission model.
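Because Gatekeeper's checks depend on the com.apple.quarantine attribute the researchers describe, a downloaded file that lacks it is worth a closer look. The following is an added example, not code from Apple, Microsoft or this article: it decodes a quarantine value and lists downloads with a missing or malformed attribute. The `flags;timestamp;agent;event-id` layout is the commonly observed form and is assumed here, and the paths and values are constructed.

```python
from datetime import datetime, timezone

QUARANTINE_XATTR = "com.apple.quarantine"


def parse_quarantine(value):
    """Decode a value of the assumed form flags;timestamp;agent;event-id.

    flags and timestamp are hexadecimal; timestamp is Unix epoch seconds.
    """
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    return {
        "flags": int(parts[0], 16),
        "downloaded_at": datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc),
        "agent": parts[2],
        "event_id": parts[3] if len(parts) > 3 else "",
    }


def triage(files):
    """Return (path, reason) pairs for files whose quarantine state needs review.

    `files` maps a path to its extended attributes (name -> value), for
    example as collected on the Mac with `xattr -l`.
    """
    findings = []
    for path, xattrs in sorted(files.items()):
        raw = xattrs.get(QUARANTINE_XATTR)
        if raw is None:
            findings.append((path, "no quarantine attribute"))
            continue
        try:
            parse_quarantine(raw)
        except ValueError:
            findings.append((path, "malformed quarantine attribute"))
    return findings


# Constructed sample data: three files in a Downloads folder.
SAMPLE = {
    "/Users/demo/Downloads/installer.dmg": {
        QUARANTINE_XATTR: "0083;6398a1f0;Safari;1B2C3D4E-0000-4000-8000-AABBCCDDEEFF",
    },
    "/Users/demo/Downloads/tool.zip": {"com.example.note": "constructed"},
    "/Users/demo/Downloads/notes.pdf": {QUARANTINE_XATTR: "garbage"},
}

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{path}: {reason}")
```

A missing attribute is not proof of tampering, since files created locally never receive one; the check is a triage signal for files known to have come from a browser or mail client.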