2022-12-20

Back in July 2022, Microsoft's security researchers discovered a vulnerability in macOS that allowed attackers to bypass application execution restrictions imposed by Apple's Gatekeeper - a security mechanism that ensures only trusted apps run on Mac devices.

The vulnerability, dubbed Achilles, is now identified as CVE-2022-42821. Microsoft shared the vulnerability with Apple in July 2022, and Apple has since released fixes for all of its OS versions.

"Due to its essential role in stopping malware on macOS, Gatekeeper is a helpful and effective security feature. However, considering there have been numerous bypass techniques targeting the security feature in the past, Gatekeeper is not bulletproof. Gaining the ability to bypass Gatekeeper has dire implications as sometimes malware authors leverage those techniques for initial access," Jonathan Bar Or of the Microsoft Security Threat Intelligence team wrote in a blog post that details Apple's Gatekeeper and the vulnerability able to bypass it.

According to the post, the vulnerability used Access Control Lists (ACLs), a macOS mechanism that extends the traditional permission model, to bypass Gatekeeper.

Microsoft also noted that Apple's Lockdown Mode, an optional feature in macOS Ventura designed to offer extreme protection for the very small number of users who face grave and targeted threats to their digital security, does not defend against Achilles.

"Collaborative research such as this informs our comprehensive protection capabilities across platforms, allowing Microsoft Defender for Endpoint to deliver and coordinate threat defense across all major OS platforms including Windows, macOS, Linux, Android, and iOS. On macOS devices, Microsoft Defender for Endpoint detects and exposes threats and vulnerabilities, including CVE-2022-42821, using antivirus, endpoint detection and response (EDR), and threat and vulnerability management capabilities," Bar Or said.