If there was a time when Apple and Microsoft were absolute enemies, that is no longer true in 2022. Jonathan Bar Or, a computer security researcher at the Redmond giant, found a flaw in macOS and immediately reported it to Apple’s technicians. The bug affects macOS Ventura, macOS Big Sur (11.7.2) and macOS Monterey (12.6.2).
The flaw, named Achilles and tracked under the identifier CVE-2022-42821, exploits a bug in GateKeeper, a macOS security mechanism that checks downloaded apps before allowing them to run. When the user downloads a file from the Web, GateKeeper verifies that its code has been approved by Apple and prompts the user for confirmation. Hackers can trick GateKeeper by preventing it from adding a file to the ACL (Access Control List), which is a list of files to be quarantined if their source is suspect.
Microsoft’s discovery saves Mac users huge headaches
Cybercriminals can download and distribute malicious code to the target computer, bypassing GateKeeper’s quarantine. According to Microsoft, the controls Apple has implemented are useless against Achilles, including isolation mode, which, when enabled, maximizes the security level of macOS to protect users from the most sophisticated attacks.
macOS users like to say that because their operating system is more secure, they are less prone to attacks and viruses. As this new flaw proves, the GateKeeper function is far from a security guarantee. Thanks to Microsoft’s help, Apple’s teams managed to create a patch against Achilles. If you’re using a Mac, it’s highly recommended to apply it as soon as possible. Engineers at the Redmond firm add: “Users should apply the patch regardless of their isolation mode state”.
Source: Microsoft