According to Microsoft, a bug in macOS Gatekeeper could have allowed attackers to compromise vulnerable Macs with malicious software.
The flaw, dubbed Achilles, was discovered by Microsoft principal security researcher Jonathan Bar Or and allows Gatekeeper's checks to be bypassed entirely.
Gatekeeper is a macOS security feature that allows only trusted software to run. Apps downloaded from the internet are checked by the feature to make sure they are signed by an identified developer and notarized by Apple, meaning Apple has scanned them and found no malicious content.
According to Microsoft, macOS adds a "quarantine" attribute (the com.apple.quarantine extended attribute) to apps and files downloaded through a web browser, and that attribute is what instructs Gatekeeper to check the file before it is opened. The vulnerability abuses the file permission model called Access Control Lists (ACLs): the attacker attaches an extremely restrictive ACL to the downloaded file, one that denies writing extended attributes, which prevents the web browser from setting the quarantine attribute at all.
Without the quarantine attribute, Gatekeeper's protections are never triggered, so a user tricked into opening the malicious file runs it unchecked.
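The check a responder would want after reading the description above, written here as an added example that is not code from Microsoft, Apple, or the article: a shell script that triages downloaded files for the Achilles pattern, a missing com.apple.quarantine extended attribute combined with an ACL entry that denies writeextattr. The sample `ls -le` output embedded in the script is constructed, not captured from a real incident; `xattr` and `ls -le` are macOS commands, and the checks parse their text output so they can also be exercised with constructed samples on any POSIX shell.

```shell
#!/bin/sh
# Added example (not Microsoft's, Apple's, or the article's code): triage files
# for the Achilles pattern, i.e. no com.apple.quarantine extended attribute
# plus an ACL entry denying writeextattr. `xattr` and `ls -le` are macOS
# tools; the checks parse their text output so they run on constructed samples
# under any POSIX shell as well.

# Constructed samples (not from a real incident) in the shape of `ls -le`
# output: one file with a "deny everything" ACL, one with an ordinary ACL.
SAMPLE_ACL_DENY='-rw-r--r--+ 1 user  staff  0 Dec 19 10:00 payload.app
 0: group:everyone deny write,writeattr,writeextattr,writesecurity,chown'
SAMPLE_ACL_ALLOW='-rw-r--r--+ 1 user  staff  0 Dec 19 10:00 notes.txt
 0: user:alice allow read,write'

# Succeeds if the given `ls -le` output has an ACL entry that denies
# writeextattr, the permission a browser needs to stamp the quarantine attribute.
acl_denies_xattr_write() {
    printf '%s\n' "$1" | grep -Eq '^ *[0-9]+: .*deny .*writeextattr'
}

# Succeeds if the given `xattr` listing (one attribute name per line)
# names com.apple.quarantine.
has_quarantine_attr() {
    printf '%s\n' "$1" | grep -q '^com\.apple\.quarantine$'
}

# Verdict for one file. $1 = xattr listing, $2 = `ls -le` output.
#   QUARANTINED    Gatekeeper will inspect it on first launch.
#   SUSPECT        no quarantine attribute AND an ACL that denies writeextattr.
#   UNQUARANTINED  no quarantine attribute but no restrictive ACL either
#                  (e.g. created locally or copied from another volume).
triage_file() {
    if has_quarantine_attr "$1"; then
        echo QUARANTINED
    elif acl_denies_xattr_write "$2"; then
        echo SUSPECT
    else
        echo UNQUARANTINED
    fi
}

# Collect live data for a path on macOS and print "<verdict><TAB><path>".
# -d lists an .app bundle (a directory) itself rather than its contents.
triage_path() {
    attrs=$(xattr "$1" 2>/dev/null)
    acl=$(ls -led "$1" 2>/dev/null)
    printf '%s\t%s\n' "$(triage_file "$attrs" "$acl")" "$1"
}

# Usage (macOS): sh achilles_triage.sh ~/Downloads/*
# Does nothing when run without arguments or on a non-Darwin system.
if [ "$(uname)" = Darwin ] && [ $# -gt 0 ]; then
    for f in "$@"; do triage_path "$f"; done
fi
```

A SUSPECT result means the file reached disk without the attribute that would have made Gatekeeper look at it; treat it as untrusted. `chmod -N` strips the ACL so that a quarantine attribute can be written again before any launch, or simply delete the file. A plain UNQUARANTINED result is normal for files that were never downloaded, so it is the combination with the deny ACL that matters.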
Apple did not acknowledge the vulnerability until last week, when it shipped a fix tracked as CVE-2022-42821, although Microsoft reported it in July.
Lockdown Mode, an opt-in Apple feature introduced earlier this year to help high-risk users block some of the more sophisticated cyberattacks, does not defend against the Achilles vulnerability, because it is aimed at stopping silent, remotely triggered zero-click attacks rather than a user opening a downloaded file. The fix should be applied regardless of whether Lockdown Mode is enabled.
Many Gatekeeper bypasses have been found in the last few years. In April 2021, Apple fixed a zero-day vulnerability in macOS that allowed the threat actors behind Shlayer to circumvent Apple's Gatekeeper and notarization security checks.
In 2020, Apple's notarization service had also mistakenly approved samples of the widely used Shlayer malware to run on Macs.