macOS had a vulnerability that Lockdown Mode wouldn't defeat

Posted:
in macOS
Following Apple's patching of the issue, Microsoft has revealed it discovered a way to bypass Gatekeeper in macOS, and even Lockdown Mode to run malware.

Lockdown Mode enhances iPhone security well beyond what regular users need
Lockdown Mode enhances iPhone security well beyond what regular users need


The vulnerability, called "Achilles" by Microsoft and now CVE-2022-42821 by Apple, was discovered in July 2022 and reported to Apple. In a blog post about the issue, Microsoft says that "fixes for the vulnerability... were quickly released by Apple," though it appears these updates were not issued until December 13, 2022.

Jonathan Bar Or of the Microsoft 365 Defender Research Team in the blog post that "Microsoft discovered a vulnerability in macOS that can allow attackers to bypass application execution restrictions imposed by Apple's Gatekeeper security mechanism, designed to ensure only trusted apps run on Mac devices."

"We developed a proof-of-concept exploit to demonstrate the vulnerability, which we call 'Achilles'," he continued. "Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS."

Microsoft goes into detail about the team's discovery and the method of access that attackers could have used if the vulnerability had not been patched. Significantly, though, the company also warns that Apple's new Lockdown Mode would not have prevented such an attack.

"We note that Apple's Lockdown Mode, introduced in macOS Ventura as an optional protection feature for high-risk users that might be personally targeted by a sophisticated cyberattack is aimed to stop zero-click remote code execution exploits, and therefore does not defend against Achilles," said Microsoft in the post.

"End-users should apply the fix regardless of their Lockdown Mode status," concludes Microsoft. "We thank Apple for the collaboration in addressing this issue."

How Gatekeeper protects users

Apple's Gatekeeper is the security feature that alerts users when they launch an app that is not from the App Store, is "from an unidentified developer," or is "from the internet." Despite the protection it gives users, Gatekeeper has been found to have flaws before, including in October 2022, and May 2019.

Coincidentally, Lockdown Mode was unveiled in July 2022, the same month that Microsoft discovered the new vulnerability. Intended as an optional and extreme protection system for users facing "grave, targeted threats to their digital security," it deliberately severely limits system functionality.

Read on AppleInsider

Comments

  • Reply 1 of 8
    ...and in related news for consideration: 10 Apple Privacy Problems That Might Surprise You

    https://www.msn.com/en-us/news/technology/10-apple-privacy-problems-that-might-surprise-you/ss-AA150PHp#image=1
    gatorguy
  • Reply 2 of 8
    That's what happens when you're handed a bleeping gag order for backdoors
  • Reply 3 of 8
    auxioauxio Posts: 2,717member
    ...and in related news for consideration: 10 Apple Privacy Problems That Might Surprise You

    https://www.msn.com/en-us/news/technology/10-apple-privacy-problems-that-might-surprise-you/ss-AA150PHp#image=1
    And they hide it behind a click-wall. :D  The companies who live off of data harvesting are trying so hard to convince everyone that Apple is the same as them. How about they start by laying bare all the ways they harvest data and what it's used for, then compare to Apple? They wouldn't dare lift the curtain like that.
    FileMakerFellerwatto_cobra
  • Reply 4 of 8
    That's a really clever exploit. Well done to the research team.
    watto_cobra
  • Reply 5 of 8
    As much as we may not like Google or Microsoft it's nice to see they see and report this stuff to Apple. Nothing is 100% foolproof and never will be. It's also nice to see Apple fixing these issues ASAP. Maybe not in the next update if it's too far into development but usually within the next update. 
    watto_cobra
  • Reply 6 of 8
    auxio said:
    ...and in related news for consideration: 10 Apple Privacy Problems That Might Surprise You

    https://www.msn.com/en-us/news/technology/10-apple-privacy-problems-that-might-surprise-you/ss-AA150PHp#image=1
    And they hide it behind a click-wall. :D  The companies who live off of data harvesting are trying so hard to convince everyone that Apple is the same as them. How about they start by laying bare all the ways they harvest data and what it's used for, then compare to Apple? They wouldn't dare lift the curtain like that.
    I'm not sure I understand your comparative comment...
    I found this comment (9 of 11) of particular note: "Apple circumvents your device’s VPN to collect data about your activity."


  • Reply 7 of 8
    danoxdanox Posts: 2,804member
    macxpress said:
    As much as we may not like Google or Microsoft it's nice to see they see and report this stuff to Apple. Nothing is 100% foolproof and never will be. It's also nice to see Apple fixing these issues ASAP. Maybe not in the next update if it's too far into development but usually within the next update. 
    They ain’t doing Apple any favors, the purpose is false equivalence….
  • Reply 8 of 8
    macxpressmacxpress Posts: 5,801member
    danox said:
    macxpress said:
    As much as we may not like Google or Microsoft it's nice to see they see and report this stuff to Apple. Nothing is 100% foolproof and never will be. It's also nice to see Apple fixing these issues ASAP. Maybe not in the next update if it's too far into development but usually within the next update. 
    They ain’t doing Apple any favors, the purpose is false equivalence….
    Oh okay so they should just keep it to themselves and let Apple falter....Look I'm not a Microsoft or Google person but I can give credit where credit is due. 
    muthuk_vanalingam
Sign In or Register to comment.