A security flaw allowed malicious applications to bypass the protection system of the operating system from Apple.
Many still believe that macOS is a safe platform, and safe from any risk of hacking. Nothing could be further from the truth and Apple’s operating system, like all computer systems, can be subject to security issues.
A flaw that bypasses the macOS protection system, GateKeeper
The Achilles vulnerability is the most telling example. On July 27, Microsoft security teams updated a security flaw present in the latest public versions of macOS.
The latter uses the AppleDouble file format, which includes access lists with permissions to pass through the GateKeeper system. The latter, at work for several years on Macs, makes it possible to avoid the installation of malicious applications by checking the installation packages before they are opened.
If GateKeeper is circumvented via this flaw, it is impossible to prevent the installation of an application, even in Isolation or Lockdown mode, which can have serious consequences for the security of a machine or a fleet of devices.
Security holes plugged by Apple in several updates to be made urgently
Once the flaw was discovered and documented, Microsoft registered it in the National Vulnerability Database under the reference CVE-2022-42821. Apple was obviously immediately contacted by security researchers from Microsoft teams to inform them of their findings.
The Windows publisher communicates today on the subject, because Apple has solved the flaw for a few weeks. The latest version of the system, macOS Ventura, offers a fix and prevents any exploitation and circumvention of GateKeeper.
If you haven’t upgraded to the new version yet, or your machine isn’t compatible, Apple just days ago released security patches for macOS Big Sur and macOS Monterey. Other security vulnerabilities have also been plugged via these patches.
As you will have understood, we invite you to update your Macs as quickly as possible to avoid any hacking attempt, and to apply security patches and updates as quickly as possible.
Source : Microsoft
4