![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/10\/gatekeeper-600x300.jpeg\")
<\/p>\n<\/p>\n
Last week, on December 13, Apple released security updates<\/a> for all of its currently supported operating systems, including all three recent versions of macOS. In total, at that time Apple named 36 vulnerabilities that it had patched in macOS Ventura, of which 23 were patched for macOS Monterey, and 20 for macOS Big Sur.<\/p>\n But earlier this week, and again as recently as this morning, new details have come to light about what was patched in these updates, as well as other previous Apple updates. Here’s the full story\u2014including details you won’t find anywhere else.<\/p>\n In this article:<\/em><\/p>\n One of the vulnerabilities that was patched in both macOS Monterey 12.6.2 and macOS Big Sur 11.7.2 last week had been silently patched in macOS Ventura 13 nearly two months earlier:<\/p>\n BOM In a new Microsoft report<\/a> released on December 19, Jonathan Bar Or revealed that Microsoft had discovered the vulnerability back on July 27, and shared it with Apple the same month.<\/p>\n If a malicious app were to leverage this vulnerability, it could potentially bypass Apple’s Gatekeeper technology. Gatekeeper is supposed to prevent Mac malware and other untrusted software from being able to run.<\/p>\n Microsoft says that it developed a proof-of-concept exploit dubbed “Achilles” to test the vulnerability.<\/p>\n Microsoft also noted that macOS Ventura’s optional new Lockdown Mode<\/a> feature does not prevent the exploitation of this vulnerability.<\/p>\n The vulnerability’s discovery was inspired by reconsidering a past Gatekeeper bypass that Apple fixed in 2021. The new vulnerability leverages the persistence of file metadata using AppleDouble files, which are usually named with a “._” (dot-underscore) prefix and are hidden in the Finder by default, and Access Control Lists (ACLs).<\/p>\n \ud83e\udee0\u2620\ufe0f Gatekeeper, released over a decade ago (July 2012), is still trivial to bypass. <\/p>\n Lovely research by @yo_yo_yo_jbo<\/a>, (ab)uses AppleDouble & ACLs to fully bypass Gatekeeper …again https:\/\/t.co\/De6zg5A71h<\/a><\/p>\n — Patrick Wardle (@patrickwardle) December 20, 2022<\/a><\/p><\/blockquote>\n\n
Timeline of events<\/h3>\n
\n
Microsoft discovers new Gatekeeper bypass vulnerability<\/h3>\n
\n<\/strong>Impact: An app may bypass Gatekeeper checks
\nDescription: A logic issue was addressed with improved checks.
\nCVE-2022-42821: Jonathan Bar Or of Microsoft<\/p><\/blockquote>\n![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/01\/gatekeeper-both-gates-open.jpg\")
This is not the first time that a Gatekeeper-bypass vulnerability has been discovered.<\/strong> Microsoft shared examples of half a dozen other such vulnerabilities that have been patched in recent years, including another from earlier in 2022, and three from 2021. We’ve previously covered various other Gatekeeper bypasses<\/a> on The Mac Security Blog.<\/p>\n\n