Home Security Microsoft Particulars Gatekeeper Bypass Vulnerability in Apple macOS Techniques

Microsoft Particulars Gatekeeper Bypass Vulnerability in Apple macOS Techniques

by crpt os


Dec 20, 2022Ravie LakshmananEndpoint Security / Vulnerability

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications.

The shortcoming, dubbed Achilles (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic issue that could be weaponized by an app to circumvent Gatekeeper checks.

“Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS,” Jonathan Bar Or of the Microsoft 365 Defender Research Team said.

CyberSecurity

Gatekeeper is a security mechanism designed to ensure that only trusted apps run on the operating system. This is enforced by means of an extended attribute called “com.apple.quarantine” that’s assigned to files downloaded from the internet. It is analogous to the Mark of the Web (MotW) flag in Windows.

Thus when an unsuspecting user downloads a potentially harmful app that impersonates a piece of legitimate software, the Gatekeeper feature prevents the apps from being run as it’s not validly signed and notarized by Apple.

Even in instances where an app is approved by Apple, users are displayed a prompt when it’s launched for the first time to seek their explicit consent.

Given the crucial role played by Gatekeeper in macOS, it’s hard not to imagine the consequences of sidestepping the security barrier, which could effectively permit threat actors to deploy malware on the machines.

The Achilles vulnerability identified by Microsoft exploits a permission model called Access Control Lists (ACLs) to add extremely restrictive permissions to a downloaded file (i.e., “everyone deny write,writeattr,writeextattr,writesecurity,chown”), thereby blocking Safari from setting the quarantine extended attribute.

In a hypothetical attack scenario, an adversary could embrace the technique to craft a rogue app and host it on a server, which could then be delivered to a possible target via social engineering, malicious ads, or a watering hole.

The method also circumvents Apple’s newly introduced Lockdown Mode in macOS Ventura – an opt-in restrictive setting to counter zero-click exploits – necessitating that users apply the latest updates to mitigate threats.

“Fake apps remain one of the top entry vectors on macOS, indicating Gatekeeper bypass techniques are an attractive and even a necessary capability for adversaries to leverage in attacks,” Bar Or said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex