"Microsoft Details Recent macOS Gatekeeper Bypass Vulnerability"

Microsoft has shared details on CVE-2022-42821, a Gatekeeper bypass vulnerability that Apple recently addressed in macOS Ventura, Monterey, and Big Sur. The vulnerability was identified in July 2022. It is described as a logic issue that could be exploited to bypass Gatekeeper checks, potentially allowing threat actors to execute malicious code on vulnerable systems. Microsoft stated that Gatekeeper bypasses such as this one could be leveraged as a vector for initial access by malware and other threats, and could help increase the success rate of malicious campaigns and attacks on macOS.

Microsoft has created proof-of-concept (PoC) code, dubbed Achilles, that bypasses Gatekeeper by creating a fake directory structure with an arbitrary icon and payload, and creating an AppleDouble file with a restrictive ACL. Microsoft noted that the code and the AppleDouble file can be placed in an archive that can be hosted on the internet. Microsoft also stated that Apple's Lockdown Mode, introduced in macOS Ventura as an optional protection feature for high-risk users who might be personally targeted by a sophisticated cyberattack, is aimed at stopping zero-click remote code execution exploits and therefore does not defend against Achilles.

Apple addressed the vulnerability with the release of macOS Ventura 13 in October, and macOS Monterey 12.6.2 and macOS Big Sur 11.7.2 in December.
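For defenders triaging downloaded archives, the following added example (not code from Microsoft, Apple, or SecurityWeek) flags ZIP members that are AppleDouble sidecar files carrying an ACL extended attribute, the kind of artifact described above. It assumes the standard AppleDouble header layout and the macOS attribute name `com.apple.acl.text`, neither of which is stated on this page; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

APPLEDOUBLE_MAGIC = 0x00051607      # AppleDouble header magic (assumed from the format spec)
FINDER_INFO_ID = 9                  # entry macOS uses to carry extended attributes
ACL_XATTR = b"com.apple.acl.text"   # xattr name holding a textual ACL (assumption, not on the page)
MAX_SIDECAR = 1 << 20               # skip oversized members instead of inflating them

def appledouble_entries(blob):
    """Return {entry_id: data} for an AppleDouble blob, or None if it is not one."""
    if len(blob) < 26:
        return None
    magic, _version, count = struct.unpack(">II16xH", blob[:26])
    if magic != APPLEDOUBLE_MAGIC:
        return None
    entries = {}
    for i in range(count):
        start = 26 + 12 * i
        if start + 12 > len(blob):
            break  # truncated descriptor table
        entry_id, offset, length = struct.unpack(">III", blob[start:start + 12])
        entries[entry_id] = blob[offset:offset + length]
    return entries

def find_acl_sidecars(zip_bytes):
    """List archive members that are AppleDouble files carrying an ACL xattr."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            base = info.filename.rsplit("/", 1)[-1]
            if not base.startswith("._") or info.file_size > MAX_SIDECAR:
                continue
            entries = appledouble_entries(zf.read(info))
            if entries and ACL_XATTR in entries.get(FINDER_INFO_ID, b""):
                hits.append(info.filename)
    return hits

def constructed_sample():
    """Constructed test archive: one sidecar naming the ACL xattr, one benign sidecar."""
    def sidecar(payload):
        header = struct.pack(">II16xH", APPLEDOUBLE_MAGIC, 0x00020000, 1)
        return header + struct.pack(">III", FINDER_INFO_ID, 38, len(payload)) + payload
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Demo.app/Contents/MacOS/demo", b"placeholder")
        zf.writestr("__MACOSX/._Demo.app", sidecar(b"\0" * 32 + b"ATTR" + ACL_XATTR))
        zf.writestr("__MACOSX/._Notes.txt", sidecar(b"\0" * 32))
    return buf.getvalue()

if __name__ == "__main__":
    print(find_acl_sidecars(constructed_sample()))
```

This is a triage heuristic: a hit means the archive would set an ACL on extraction and deserves a closer look, not that it is malicious.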

 

SecurityWeek reports: "Microsoft Details Recent macOS Gatekeeper Bypass Vulnerability"

Submitted by Anonymous on