Apple: thanks to Microsoft, macOS users miss a big vulnerability

If you are a macOS user and your system is not up to date, perform this operation quickly, your security is at stake. Microsoft has discovered a flaw in Apple’s OS, and the patch has already been released .

If there was a time when Apple and Microsoft were two absolute enemies, this is no longer true at all in 2022. Jonathan Bar Or, a computer security researcher from the Redmond giant, found a flaw in macOS, and immediately reported it to Apple technicians. This bug affects macOS Ventura, macOS Big Sur (11.7.2), macOS Monterey (12.6.2).

The flaw named Achilles and followed underidentifier CVE-2022-42821, exploits a bug in GateKeeper, a macOS security mechanism that checks downloaded apps before allowing them to run. When the user downloads a file from the Web, GateKeeper verifies that its code has been approved by Apple, and asks the user for confirmation. Hackers can fool GateKeeper by preventing it from adding a file to the ACL (Access Control List), a list of files to place in quarantine if they are of questionable origin.

Microsoft discovery saves Mac users big headaches

By bypassing GateKeeper’s quarantine, cybercriminals can download and deploy malicious code to the target computer. According to Microsoft, the controls put in place by Apple, including Isolation modewhich when enabled raises the security level of macOS to its maximum to protect users from the most sophisticated attacks, are useless against Achilles.

macOS users like to say that they are less prone to attacks and viruses because their operating system is more secure. As this new flaw proves, the GateKeeper functionality is far from being a guarantee of security. Thanks to Microsoft’s help, Apple teams were able to create a patch against Achilles. It is strongly recommended to apply it as soon as possible if you use a Mac. The engineers of the Redmond firm add: “users should apply the patch regardless of their isolation mode status”.

Source: Microsoft