Apple fixes a nasty 'Achilles' flaw that makes your Mac vulnerable to attack
December 22, 2022 By Raulf Hernes
(Image Credit Google)
If you haven't already, update your Mac to the most latest versions of Ventura, Monterey, or Big Sur. An attacker could use a nasty new bug patched in last week's updates to circumvent Apple's strict security protocols and install malware on your Mac.
Microsoft discovered the Achilles vulnerability and posted about it on its Security blog. Achilles essentially uses a file format called AppleDouble within macOS that contains Access Control Lists with restricted permissions to fool Gatekeeper, a macOS feature that restricts malware installations. Once Gatekeeper is disabled, the software installation can progress without the user being prompted or any part of the system interfering, even when the system is in Lockdown mode. Microsoft observes that since
Achilles is identified as CVE-2022-42821 in the National Vulnerability Database and was discovered by Microsoft in July. It is customary for vulnerability discoverers to publish their study results after patches have been published. Microsoft has released a proof-of-concept video for Achilles, which can be found here.
Achilles was fixed, according to Apple's security notes, when macOS Ventura was released in October; however, the mention of the fix was not in the original version of the notes and was added on December 13. In last week's updates, Apple also fixed Achilles in macOS Monterey and Big Sur.
Gatekeeper was launched in Mac OS X Mountain Lion in 2012 and has had a few security flaws patched over the years—besides Achilles, Microsoft's blog lists six recent vulnerabilities. While Gatekeeper is an essential feature for Mac security, it isn't perfect, which is why it's important to install OS updates as quickly as possible.