Microsoft discovers bug in macOS that allows malware to circumvent Apple’s security

December 20, 2022

After Jonathan Bar Or, a Microsoft security researcher, discovered the Achilles CVE-2022-42821 macOS flaw, which allowed hackers to deploy malware to vulnerable macOS devices via untrusted apps and circumvent application execution restrictions imposed by Apple’s Gatekeeper security mechanism. Apple fixed the bug in macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 1.7.2 (Big Sur).

The Gatekeeper mechanism is intended to ensure that only trusted apps are allowed to run on Mac devices. However, a vulnerability known as Achilles by Microsoft enabled cybercriminals to circumvent this security measure.

Microsoft discovered the Achilles vulnerability, which uses a permission model known as Access Control Lists (ACLs) to add extremely restrictive permissions to a downloaded file (i.e., “everyone deny write,writeattr,writeextattr,writesecurity,chown”), preventing Safari from setting the quarantine extended attribute.

On Apple macOS, the Gatekeeper security mechanism is intended to identify trusted apps. An extended attribute called “com.apple.quarantine” enforces this. It is assigned to internet-downloaded files.

According to Microsoft, the Achilles vulnerability takes advantage of a permission model known as Access Control Lists (ACLs) to grant extremely limited permissions to a downloaded file (i.e., “everyone deny write,writeattr,writeextattr,writesecurity,chown”). It prevents Safari from configuring the quarantine extended attribute.

The sources for this piece include an article in BleepingComputer.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn