Critical flaw on macOS: you should update your laptop!


MacOS Monterey

Gatekeeper, the system used by macOS to authenticate applications, has a vulnerability. Without a warning, malware may have been injected. Here are the explanations.

On macOS, a fresh serious security hole has been the subject of a new discovery. Microsoft cybersecurity researcher Jonathan Bar Or was able to identify this problem. The specifics of this new vulnerability are covered in a blog post by Microsoft Security Threat Intelligence that was posted on Monday, December 19.

Microsoft discovers a security flaw in macOS

The CVE-2022-42821 flaw, which they call “Achilles” since July 27, 2022, enables getting around Apple’s Gatekeeper protection. Software downloaded from the internet can be verified thanks to a program created by the Apple company.

According to a statement by Apple on its website, “when you install Mac programs, add-ons, and installers that aren’t from the App Store, macOS validates the developer’s ID signature to make sure the product is from an identified source and hasn’t got modifications”. Thus, the user is secure against the download of viruses and other harmful software.

Jonathan Bar Or shows the recently found weakness via a PoC, or Proof of Concept (prototype). He was able to create a program that prevents a file from adding to the ACL (Access Control List). The browser downloaded program was no longer marked as “unverified,” and it could subsequently be installed without encountering any problems.

By using this method, hackers might be able to spread malware. Without Gatekeeper being able to determine where it came from and who developed it.

Gizchina News of the week


Read Also:  Native WhatsApp for Mac Goes into Public Beta, Tipped to Work on iPad Too

iPhone macOS

An update is already available

The Apple teams were aware of the problem at that time. A rapid security update was available. The bug got a fix on December 13th in macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 1.7.2 (Big Sur). According to our colleagues at BleepingComputer.

So, this kind of zero day flaw will not be a problem. By the Lockdown mode that Apple created and included in macOS Ventura. However, according to researchers at Microsoft Security Threat Intelligence, the computer is not immune to the “Achilles” flaw. Regardless of the activation status of Lockdown Mode, the experts advise end users to apply the patch. Apple claims that it has fixed the problem by doing better checks.

macOS security flaws by year

2022 93
2021 332
2020 314
2019 308
2018 110
2017 308
2016 218
2015 407
2014 132
2013 69
2012 40
2011 79

 

Source/VIA :
Previous 5G: Apple To Stick With Qualcomm For iPhone 15
Next Wiko 5G is coming soon as a rebranded Huawei Nova 9 SE