A Microsoft security team has discovered a vulnerability in macOS that would allow malware to bypass security checks dubbed Achilles. Hackers can employ Achilles to inject malware on macOS hardware via untrusted apps that could bypass Gatekeeper.

Estimated reading time: 2 minutes

The Microsoft security team member who discovered the vulnerability is security researcher Jonathan Bar-Or, and Microsoft has logged Achilles as CVE-2022-42821. Apple has taken care of the issue with security updates to macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 1.7.2 (Big Sur). The updates should have hit user devices on December 13th, so if you haven’t updated, you are advised to do so to patch the Achilles bug.

macOS Gatekeeper is part of the operating systems security features which checks downloaded apps for notarization and an approved Apple developer signature. The user is then asked to confirm they want to open the application, and in some instances, macOS will warn the user the app cannot be trusted.

MacOS Monterey Apple fixes Achilles macOS vulnerability discovered by Microsoft

According to Bleeping Computer, “the Achilles flaw allows specially-crafted payloads to abuse a logic issue to set restrictive Access Control List (ACL) permissions that block web browsers and Internet downloaders from setting the com.apple.quarantine attribute for downloading the payload archived as ZIP files. As a result, the malicious app contained within an archived payload launches on the target’s system instead of getting blocked by Gatekeeper, allowing attackers to download and deploy malware.”

It is always essential to update macOS as soon as you see updates show up. Some users may need to wait and ensure the update does not conflict with crucial apps on their systems, but the general rule for regular users is to update when the update drops.

What do you think of Achilles? Please share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network. Be sure to subscribe to our RUMBLE channel as well!

Last Updated on December 20, 2022.

Achilles macOS vulnerability-min

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Apple may allow app sideloading and 3rd party app stores in 2024

December 14, 2022 0 Comments 5 tags

Apple has always been known for having a closed ecosystem. The company’s walled garden has been criticized and praised for years. On the one hand, keeping control of the platform

Tesla releases new software update to improve Sentry Mode

December 4, 2022 0 Comments 5 tags

Tesla has started to push a new software update to its fleet in order to improve Sentry Mode, a surveillance system built into its vehicles. Tesla’s Sentry Mode is an

The Worldwide Debt Collection Software Industry is Projected to Reach $6.5 Billion by 2030: Cloud Delivery Model Steps In to Accelerate Market Expansion

February 4, 2023 0 Comments 5 tags

Dublin, Feb. 03, 2023 (GLOBE NEWSWIRE) — The “Debt Collection Software – Global Strategic Business Report” report has been added to ResearchAndMarkets.com’s offers. The global market for Debt Collection Software