Gatekeeper bypass exposes Macs to malware


Microsoft researcher discovered access control list bug.

Microsoft has gone public with an analysis of a macOS Gatekeeper bug it discovered in July, dubbed Achilles, following patch releases by Apple last week.

The bug, CVE-2022-42821, exists in macOS Monterey, Big Sur, and Ventura, and allows an app to bypass Gatekeeper checks.

Gatekeeper checks apps users download from the Internet. If the app is signed by Apple, the user is asked to confirm they wish to launch it; if not, the app is untrusted and execution is refused.

What Microsoft threat researcher Jonathan Bar Or discovered is that an attacker could use macOS access control lists (ACLs) to bypass Gatekeeper.

ACLs give files and directories finer-grained permission management than the traditional Unix permission model macOS inherited.

Bar Or discovered a logic error in how ACLs are applied to files: a sufficiently restrictive ACL carried with a file prevents browsers and downloaders from setting the extended attribute (com.apple.quarantine) that tells Gatekeeper a file is untrusted, so the file is never flagged for inspection.

Bar Or describes the following proof-of-concept for bypassing Gatekeeper:

  • “Create a fake directory structure with an arbitrary icon and payload.
  • Create an AppleDouble file with the com.apple.acl.text extended attribute key and a value that represents a restrictive ACL (we chose the equivalent of “everyone deny write,writeattr,writeextattr,writesecurity,chown”). Perform the correct AppleDouble patching if using ditto to generate the AppleDouble file.
  • Create an archive with the application alongside its AppleDouble file and host it on a web server.”
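The mechanism above leaves a visible trace on disk: a file that carries a "deny writeextattr" ACL entry while lacking com.apple.quarantine. The following triage helper is an added example, not code from the article or from Microsoft; it parses the output of macOS `ls -le@` (the layout assumed here: a file line, tab-indented extended-attribute lines, then " N:"-prefixed ACL lines) and flags that combination. The sample output is constructed.

```python
import re
from typing import Dict, List

# Constructed sample of `ls -le@` output (format assumed, see lead-in).
SAMPLE_LS_OUTPUT = """\
-rwxr-xr-x@  1 user  staff   512 Dec 20 10:00 normal.bin
\tcom.apple.quarantine\t  22 
-rwxr-xr-x+  1 user  staff   512 Dec 20 10:00 suspicious.bin
 0: group:everyone deny write,writeattr,writeextattr,writesecurity,chown
-rw-r--r--+  1 user  staff    10 Dec 20 10:00 readonly.txt
 0: group:everyone deny write
"""

# mode, links, owner, group, size, month, day, time-or-year, name
FILE_LINE = re.compile(
    r"^[-dl][rwxsStT-]{9}[@+]?\s+\d+\s+\S+\s+\S+\s+\d+\s+\w+\s+\d+\s+[\d:]+\s+(.+)$")
# " 0: group:everyone deny write,writeextattr" (trailing flags tolerated)
ACL_LINE = re.compile(
    r"^\s*\d+:\s*(?P<principal>\S+)\s+(?P<kind>allow|deny)\s+(?P<perms>\S+)(?:\s.*)?$")


def parse_ls_le_at(text: str) -> Dict[str, dict]:
    """Group xattr names and ACL entries under each file name."""
    entries: Dict[str, dict] = {}
    current = None
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            current = m.group(1)
            entries[current] = {"xattrs": [], "acl": []}
            continue
        if current is None:
            continue
        if line.startswith("\t"):  # xattr line: "<tab>name<tab>size"
            entries[current]["xattrs"].append(line.strip().split("\t")[0].strip())
            continue
        m = ACL_LINE.match(line)
        if m:
            entries[current]["acl"].append(
                (m["principal"], m["kind"], m["perms"].split(",")))
    return entries


def find_quarantine_blockers(text: str) -> List[str]:
    """Files with no com.apple.quarantine that deny writeextattr via ACL."""
    flagged = []
    for name, info in parse_ls_le_at(text).items():
        quarantined = "com.apple.quarantine" in info["xattrs"]
        denies_xattr_write = any(kind == "deny" and "writeextattr" in perms
                                 for _, kind, perms in info["acl"])
        if denies_xattr_write and not quarantined:
            flagged.append(name)
    return flagged
```

Run it over `ls -le@` output captured from a freshly extracted download; anything it returns deserves a closer look before launch.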

The fixes are in macOS Big Sur 11.7.2, Monterey 12.6.2, and Ventura 13.

Copyright © iTnews.com.au . All rights reserved.