Microsoft discovered the 'Achilles heel' of macOS's security tool

What you need to know

  • Microsoft discovered a vulnerability in macOS in July 2022 that could be used to bypass the Gatekeeper security mechanism.
  • The vulnerability was disclosed in the same month and was quickly addressed by Apple.
  • Apple shipped an update that addresses the bug for macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 1.7.2 (Big Sur).

Back in July 2022, Microsoft discovered a security vulnerability in macOS. A bug allowed attackers to bypass Apple's Gatekeeper security mechanism, which protects computers by only allowing trusted apps to be installed. The discovered vulnerability, if left unpatched, could allow threat actors to get malware onto systems.

Microsoft dubbed its proof-of-concept that exploited the vulnerability "Achilles" and informed Apple of the issue through Coordinated Vulnerability Disclosure.

Microsoft goes into detail about how the vulnerability was discovered and the implications of such an issue in a recent post. The breakdown is useful for security experts and researchers but is more in-depth than most everyday users need. The main takeaway is that Microsoft discovered the security risk, informed Apple, and Apple fixed the issue quickly.

Updates to address the Achilles vulnerability were shipped to macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 1.7.2 (Big Sur) on December 13, 2022 (via Bleeping Computer).

How macOS secures systems

Several security features and layers of protection make it harder for attackers to get malware and other malicious programs onto macOS. When anyone downloads an app through a browser on macOS, be it Safari or another browser, a marker is added to the file. Apple's Gatekeeper and other tools then enforce mitigations and other protections. For example, if Gatekeeper finds an app that is not signed and notarized, it will tell a person that the app cannot be run because it's not trusted.
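As an added illustration (not code from the article or from Microsoft's post), the sketch below inspects the download marker described above. It assumes the marker is the `com.apple.quarantine` extended attribute with a value laid out as `flags;hex_epoch_seconds;agent;uuid`; neither detail is named in the article, and the sample values are constructed.

```python
# Added example (not from the article): inspect the download marker on macOS.
# Assumption: the marker is the com.apple.quarantine extended attribute, whose
# value has the form "flags;hex_epoch_seconds;agent;uuid".
import subprocess
from datetime import datetime, timezone

ATTR = "com.apple.quarantine"

def parse_quarantine(value):
    """Split a quarantine value into its fields; raise ValueError if malformed."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags = int(parts[0], 16)  # hex bitfield, kept uninterpreted here
    stamp = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    return {"flags": flags, "downloaded": stamp, "agent": parts[2],
            "event_id": parts[3] if len(parts) > 3 else ""}

def read_quarantine(path):
    """Return the raw attribute via the macOS `xattr` tool, or None if absent."""
    proc = subprocess.run(["xattr", "-p", ATTR, path],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None

def audit(entries):
    """entries: {path: raw value or None}. Return paths lacking a valid marker."""
    unmarked = []
    for path, raw in entries.items():
        try:
            if raw is None:
                raise ValueError("missing")
            parse_quarantine(raw)
        except ValueError:
            unmarked.append(path)
    return sorted(unmarked)

# Constructed sample values, not taken from a real system.
SAMPLE = {
    "Downloads/installer.dmg": "0083;63987a00;Safari;11111111-2222-3333-4444-555555555555",
    "Downloads/tool.zip": "0081;63987a00;Chrome;",
    "Downloads/unpacked.app": None,
    "Downloads/odd.pkg": "not-a-quarantine-value",
}

if __name__ == "__main__":
    for p in audit(SAMPLE):
        print("no usable quarantine marker:", p)
```

A file without the marker is not necessarily malicious, since files created locally never receive one; the audit is only meaningful for items known to have arrived through a browser or similar download path.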

The system is not perfect, however, as noted by Microsoft:

"Due to its essential role in stopping malware on macOS, Gatekeeper is a helpful and effective security feature. However, considering there have been numerous bypass techniques targeting the security feature in the past, Gatekeeper is not bulletproof. Gaining the ability to bypass Gatekeeper has dire implications as sometimes malware authors leverage those techniques for initial access."

Security vulnerabilities are common, and companies such as Apple and Microsoft combat them frequently. The Achilles bug is noteworthy because Microsoft discovered the issue within macOS.

Sean Endicott
News Writer and apps editor
