On Monday, researchers from the Microsoft 365 Defender Research Team released details on CVE-2022-42821, a vulnerability that Apple patched on 13 December. Dubbed “Achilles,” the exploit would enable malware to bypass Gatekeeper, Apple’s mechanism for checking downloaded software for a valid certificate and for known malware. This is not the first Gatekeeper bypass; 6 such vulnerabilities have been disclosed since 2014. Like half of the previous Gatekeeper bypasses, this one works by interfering with the assignment of the quarantine extended attribute, so that Gatekeeper is never triggered. More specifically, CVE-2022-42821 abuses an older compatibility mechanism called AppleDouble to manually apply an Access Control List (ACL) that prevents applications from writing the quarantine attribute to the file.
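As an added example (not code from the page, Microsoft, or Binary Defense), the following Python parses the AppleDouble (._) sidecar file that macOS archives use to carry Finder Info and extended attributes, and flags ACL entries that deny writing extended attributes, which is the condition that would keep the quarantine attribute from ever being set. The on-disk offsets follow the xnu AppleDouble/ATTR layout; that the ACL travels as the xattr named com.apple.acl.text is my assumption about how macOS packs ACLs into AppleDouble, and the sample ACL text is constructed.

```python
import struct

AD_MAGIC, AD_VERSION, AD_FINDERINFO, AD_RESOURCE, ATTR_MAGIC = 0x00051607, 0x00020000, 9, 2, b"ATTR"

def parse_appledouble_xattrs(blob: bytes) -> dict:
    """Return {name: value} for the xattrs an AppleDouble (._) file carries for its data file."""
    magic, version = struct.unpack_from(">II", blob, 0)
    if magic != AD_MAGIC or version != AD_VERSION:
        raise ValueError("not an AppleDouble v2 file")
    count, = struct.unpack_from(">H", blob, 24)               # 26-byte header, then 12-byte entries
    entries = [struct.unpack_from(">III", blob, 26 + 12 * i) for i in range(count)]
    finfo = next((off for eid, off, _ in entries if eid == AD_FINDERINFO), None)
    hdr = finfo + 32 + 2 if finfo is not None else None         # Finder Info (32) + pad (2), then 'ATTR'
    if hdr is None or blob[hdr:hdr + 4] != ATTR_MAGIC:
        return {}
    num_attrs, = struct.unpack_from(">H", blob, hdr + 34)      # attr_header is 36 bytes long
    pos, xattrs = hdr + 36, {}
    for _ in range(num_attrs):
        off, length, _flags, namelen = struct.unpack_from(">IIHB", blob, pos)
        name = blob[pos + 11:pos + 11 + namelen].rstrip(b"\0").decode()
        xattrs[name] = blob[off:off + length]
        pos += (11 + namelen + 3) & ~3                           # entries are padded to 4 bytes
    return xattrs

def build_appledouble(xattrs: dict) -> bytes:
    """Constructed sample: pack xattrs in the on-disk layout macOS uses for ._ files."""
    names = sorted(xattrs)
    entry_lens = [(11 + len(n) + 1 + 3) & ~3 for n in names]
    data_start = 0x54 + 36 + sum(entry_lens)
    entries, data = b"", b""
    for n, elen in zip(names, entry_lens):
        e = struct.pack(">IIHB", data_start + len(data), len(xattrs[n]), 0, len(n) + 1) + n.encode() + b"\0"
        entries, data = entries + e.ljust(elen, b"\0"), data + xattrs[n]
    end = data_start + len(data)
    out = struct.pack(">II16sH", AD_MAGIC, AD_VERSION, b"Mac OS X", 2)
    out += struct.pack(">IIIIII", AD_FINDERINFO, 0x32, end - 0x32, AD_RESOURCE, end, 0)
    out += bytes(34) + ATTR_MAGIC                                # empty Finder Info + pad, then header
    out += struct.pack(">IIIIIIIHH", 0, end, data_start, len(data), 0, 0, 0, 0, len(names))
    return out + entries + data

# Constructed ACL text in macOS's "!#acl 1" format; the UUID is a placeholder, not a real principal.
SAMPLE_ACL = b"!#acl 1\ngroup:PLACEHOLDER-UUID:everyone:12:deny:writeattr,writeextattr\n"

def deny_xattr_write_acls(blob: bytes) -> list:
    """Return ACL entries that deny writing extended attributes, i.e. would block the quarantine flag."""
    acl = parse_appledouble_xattrs(blob).get("com.apple.acl.text", b"").decode(errors="replace")
    return [line for line in acl.splitlines()
            if ":deny:" in line and ("writeextattr" in line or "writeattr" in line)]
```

Run over the ._ members of an archive before extraction, a non-empty result from deny_xattr_write_acls is the indicator an analyst would want surfaced.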