The Achilles security flaw allowed applications to bypass Apple’s Gatekeeper technology, a built-in facet of macOS devices that ensures that only trusted applications run on Mac (h/t BleepingComputer).
What Achilles allowed hackers to do
Jonathan Bar Or, principal security researcher at Microsoft, discovered the macOS Achilles security vulnerability; the flaw is now tracked as CVE-2022-42821 (opens in new tab). As mentioned, Gatekeeper is a macOS cybersecurity perk that automatically vets all users’ downloaded apps to ensure they’re not malicious. “When you install Mac apps, plug-ins, and installer packages from outside the App Store, macOS checks the Developer ID signature to verify that the software is from an identified developer and that it has not been altered,” Apple said. As an added layer of protection, on devices with macOS Catalina or later, the Cupertino-based tech giant requires that all software is signed and notarized. As Microsoft explained, macOS “knows” when you’ve downloaded something because web browsers attach a “com.apple.quarantine” attribute to it, alerting your system that Gatekeeper needs to kick in to assess the new file. However, the Achilles security vulnerability allowed hackers to block web browsers from setting the “com.apple.quarantine” attribute. Consequently, attackers could bypass Gatekeeper and unleash gnarly second-stage payloads. Microsoft revealed that Lockdown Mode, a new extreme security feature Apple recently introduced to Apple users, isn’t effective against Achilles, which isn’t surprising because it’s designed to defend against zero-click remote code execution exploits. On the plus side, if you’re a macOS user, you shouldn’t worry. Apple rectified the Achilles security bug in macOS Ventura 13, macOS Big Sur 11.7.2 and macOS Monterey 12.6.2. Microsoft notes that this isn’t the first time that Gatekeeper faced security vulnerabilities. In past years, malware families such as Shlayer took advantage of Gatekeeper’s flaws to wreak havoc on users’ devices.
