
If you haven’t updated your Mac to the latest version of Ventura, Monterey, or Big Sur, you should do so promptly. An attacker could use a nasty new bug that was fixed in last week’s updates to bypass Apple’s strict security protections and install malware on your Mac.
Microsoft discovered the vulnerability, which is called Achilles, and described it on its security blog. Basically, Achilles uses AppleDouble, a file format within macOS, to carry access control lists with restrictive permissions that trick Gatekeeper, the macOS feature that prevents malware from installing. Once Gatekeeper is bypassed, software installation can continue without the user being warned or stopped by any part of the system, even in Lockdown Mode.
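A defender's check for the mechanism described above, added here as an example that is not from Microsoft's or Apple's material: it parses AppleDouble sidecar files (`._name`) inside a ZIP archive and reports those that carry an ACL extended attribute. The attribute name `com.apple.acl.text`, the header layout, and all sample file names are assumptions about the on-disk format that the article does not state; the sample archive is constructed and its attribute values are empty.

```python
import io, struct, zipfile

AD_MAGIC = 0x00051607             # AppleDouble magic number
ACL_XATTR = "com.apple.acl.text"  # assumed xattr name for ACL text in AppleDouble

def xattr_names(blob):
    """Names of extended attributes stored in an AppleDouble blob."""
    names = []
    try:
        magic, _ver = struct.unpack(">II", blob[:8])
        if magic != AD_MAGIC:
            return names
        (count,) = struct.unpack(">H", blob[24:26])
        for i in range(count):
            eid, off, _len = struct.unpack(">III", blob[26 + 12 * i:38 + 12 * i])
            pos = off + 34        # 32-byte Finder Info + 2 pad, then "ATTR" header
            if eid != 9 or blob[pos:pos + 4] != b"ATTR":
                continue          # entry id 9 is Finder Info
            (n,) = struct.unpack(">H", blob[pos + 34:pos + 36])
            p = pos + 36
            for _ in range(n):
                _o, _l, _f, nlen = struct.unpack(">IIHB", blob[p:p + 11])
                raw = blob[p + 11:p + 11 + nlen].rstrip(b"\0")
                names.append(raw.decode("utf-8", "replace"))
                p += (11 + nlen + 3) & ~3   # entries are 4-byte aligned
    except struct.error:
        pass                      # truncated or malformed: keep what was parsed
    return names

def acl_sidecars(zip_bytes):
    """Archive members that are AppleDouble sidecars carrying an ACL xattr."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [m.filename for m in zf.infolist()
                if m.filename.rsplit("/", 1)[-1].startswith("._")
                and ACL_XATTR in xattr_names(zf.read(m))]

def build_sample(names):
    """Constructed test blob: one Finder Info entry, attribute values left empty."""
    ents = b""
    for nm in names:
        raw = nm.encode() + b"\0"
        e = struct.pack(">IIHB", 0, 0, 0, len(raw)) + raw
        ents += e + b"\0" * (-len(e) % 4)
    attr = b"ATTR" + b"\0" * 28 + struct.pack(">HH", 0, len(names)) + ents
    head = struct.pack(">II", AD_MAGIC, 0x00020000) + b"\0" * 16 + struct.pack(">H", 1)
    return head + struct.pack(">III", 9, 38, 34 + len(attr)) + b"\0" * 34 + attr

def sample_zip():
    """Constructed archive: one sidecar with the ACL xattr, one without."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample/._with_acl", build_sample([ACL_XATTR]))
        zf.writestr("sample/._plain", build_sample(["com.apple.quarantine"]))
    return buf.getvalue()
```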
Achilles is filed in the National Vulnerability Database as CVE-2022-42821 and was discovered by Microsoft in July. It is common for vulnerability discoverers to publish their findings after patches have been released. Microsoft also posted a proof-of-concept video for Achilles. Microsoft notes that since Apple’s new Lockdown Mode is “intended to stop no-click remote code execution exploits,” it is defenseless against Achilles.
According to Apple’s security notes, Achilles was fixed when macOS Ventura was released in October. However, the annotation about the fix was not in the original version of the notes and was only added on December 13. Apple also patched Achilles in macOS Monterey and Big Sur in updates released last week.
Gatekeeper was introduced in Mac OS X Mountain Lion in 2012, and a few security holes in it have been patched over the years: Microsoft’s blog lists six recent vulnerabilities in addition to Achilles. While Gatekeeper is an important feature for protecting your Mac, it’s not perfect, which is another reason why it’s a good idea to install operating system updates as soon as possible.