1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft uncovers macOS flaw that could let malware run riot

    From TechnologyDaily@1337:1/100 to All on Tue Dec 20 15:15:03 2022
    Microsoft uncovers macOS flaw that could let malware run riot

    Date:
    Tue, 20 Dec 2022 15:00:38 +0000

    Description:
    The Achilles flaw allows threat actors to bypass security measures in macOS.

    FULL STORY ======================================================================

    Microsoft has revealed it discovered a major vulnerability in Apples macOS which could have allowed threat actors to bypass the operating systems security protocols and run all kinds of malware on vulnerable endpoints .

    The vulnerability has since been shared with Apple and subsequently patched.

    In a blog post detailing the findings, Microsoft said that in late July its researchers discovered a way to bypass the Gatekeeper security mechanism and run untrusted apps on the target device. Gatekeeper is a security feature
    that enforces code signing and verifies downloaded applications before they are allowed to run. Apple fixes the issue

    Given Apples reliance on Gatekeeper to safeguard macOS users, Microsoft has dubbed the vulnerability Achilles. It notified the company of its findings through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR), and Apple quickly released a patch to all of the macOS versions.

    Achilles is now being tracked as CVE-2022-42821, and is described on the CVE.mitre.org site as a logic issue that was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, and macOS Ventura 13, the site says. Read more

    These are the best pivacy tools around


    There's a major new security update for iOS and macOS, so update now


    Mac and iOS security flaw could expose your Siri conversations but theres
    a fix

    Microsoft also said the vulnerability cant be eliminated with the use of Apples Lockdown Mode, suggesting that applying the patch is the only way forward. Lockdown Mode, introduced in macOS Ventura, is an optional
    protection feature for high-risk users, designed to stop zero-click remote code execution exploits. Therefore, Microsoft says, it does not defend
    against Achilles.

    End-users should apply the fix regardless of their Lockdown Mode status, the announcement reads.

    Gatekeeper may be a pivotal part of securing the macOS environment, but its not without its flaws, Microsoft said. Apparently, fake apps are one of the most popular attack vectors in the Apple ecosystem, suggesting that
    Gatekeeper bypass techniques are an attractive and even necessary capability for attackers. These are the best firewalls around



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-uncovers-macos-flaw-that-could-let-ma lware-run-riot


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)