This critical macOS flaw may leave your Mac defenseless

Apple’s macOS operating system has such a strong reputation for security that many people mistakenly believe that Macs are simply not affected by malware. Well, Microsoft has issued a reminder that this is not true, as the company has identified a serious vulnerability that affects one of macOS’s most important lines of defense.
According to Bleeping Computer, the bug was first reported by Jonathan Bar Or, Microsoft’s chief security researcher, who named the bug Achilles. It is now tracked as CVE-2022-42821.

In simple terms, Achilles works by bypassing macOS’s Gatekeeper feature. When a user downloads a Mac app, plug-in, or installer that isn’t from Apple’s App Store, Gatekeeper checks that it’s from a verified developer, has been notarized by Apple to be free of malware, and hasn’t been modified. If the app passes those checks, it can run on the user’s Mac. If it fails, Gatekeeper blocks it.
Achilles, however, offers a way around this protection. As detailed in a recent Microsoft blog post, macOS assigns an extended attribute called com.apple.quarantine to applications downloaded using web browsers. Among other things, this attribute tells macOS that Gatekeeper must check the file before it can be installed.
Achilles blocks the assignment of this attribute. This means that a malicious file would be able to run on macOS without ever activating Gatekeeper, thereby bypassing Apple’s built-in security protections.
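As an added illustration (not taken from Microsoft’s post or from this article), the shell functions below list the items in a folder that do not carry the com.apple.quarantine attribute, using the macOS `xattr` tool. The function names and the folder passed on the command line are assumptions made for the example.

```shell
#!/bin/sh
# Added example: triage a download folder for items that lack the
# com.apple.quarantine extended attribute, which is what tells macOS
# that Gatekeeper must check the file.
# Assumes the macOS `xattr` command-line tool is available.

QATTR="com.apple.quarantine"

# Exit status 0 if the item carries the quarantine attribute.
# `xattr -p` exits non-zero when the named attribute is absent.
has_quarantine() {
    xattr -p "$QATTR" "$1" >/dev/null 2>&1
}

# Print every item directly under the given folder that lacks the
# attribute (regular files and .app bundles alike), one per line.
list_unquarantined() {
    lu_dir="$1"
    for lu_entry in "$lu_dir"/*; do
        # Skip the unexpanded glob when the folder is empty.
        [ -e "$lu_entry" ] || continue
        if ! has_quarantine "$lu_entry"; then
            printf '%s\n' "$lu_entry"
        fi
    done
}

# Number of items without the attribute, for use in a report or alert.
count_unquarantined() {
    list_unquarantined "$1" | wc -l | tr -d ' '
}

# When run with a folder argument (for example "$HOME/Downloads"),
# print the items that would not trigger a Gatekeeper check.
if [ "$#" -gt 0 ]; then
    list_unquarantined "$1"
fi
```

A missing attribute is a prompt for review, not a verdict: files written by tools that do not apply quarantine, such as command-line downloaders, also lack it.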
Interestingly, Microsoft says that macOS’s Lockdown Mode is of no use in fighting Achilles because it was designed to solve a different problem. Lockdown Mode is a special high-security mode in macOS that protects individuals who are vulnerable to highly sophisticated cyberattacks (think journalists in repressive states, for example). Regardless of your Lockdown Mode status, you should update macOS to protect against Achilles.
The security flaw was originally discovered by Microsoft in July 2022 and was fixed by Apple in macOS 13 (Ventura), macOS 12.6.2 (Monterey) and macOS 11.7.2 (Big Sur). This highlights the importance of keeping macOS up to date to ensure you have the latest security fixes.
This isn’t the first time Microsoft has spotted a macOS vulnerability and helped Apple fix it. In February 2022, for example, Microsoft issued a warning about a macOS trojan called UpdateAgent. Interestingly, this malware can also get around Gatekeeper. This shows that while Gatekeeper is an excellent piece of defensive software, it is not bulletproof.