macOS users faced gnarly bug dubbed 'Achilles' — what it allowed malicious attackers to do

[Image: Apple MacBook Pro 2021 (14-inch). Image credit: Future]

A Microsoft security researcher discovered a macOS flaw, dubbed Achilles, that allowed hackers to deliver malware to vulnerable macOS devices via untrusted apps, the Redmond-based tech giant reported in its Microsoft Security Threat Intelligence blog on Monday.

The Achilles security flaw allowed applications to bypass Apple's Gatekeeper technology, a built-in macOS feature that ensures only trusted applications run on a Mac (h/t BleepingComputer).

What Achilles allowed hackers to do

Jonathan Bar Or, principal security researcher at Microsoft, discovered the macOS Achilles security vulnerability; the flaw is now tracked as CVE-2022-42821. As mentioned, Gatekeeper is a macOS security feature that automatically vets the apps a user downloads to ensure they're not malicious.

"When you install Mac apps, plug-ins, and installer packages from outside the App Store, macOS checks the Developer ID signature to verify that the software is from an identified developer and that it has not been altered," Apple said. As an added layer of protection, on devices with macOS Catalina or later, the Cupertino-based tech giant requires that all software is signed and notarized.

As Microsoft explained, macOS "knows" when you've downloaded something because web browsers attach a "com.apple.quarantine" attribute to it, alerting your system that Gatekeeper needs to kick in to assess the new file.

However, the Achilles security vulnerability allowed hackers to block web browsers from setting the "com.apple.quarantine" attribute. Consequently, attackers could bypass Gatekeeper and unleash gnarly second-stage payloads.
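Since Gatekeeper only steps in when a downloaded file carries the "com.apple.quarantine" attribute, a quick defender's check is to audit a Downloads folder for files that lack it. The script below is an added example, not code from the article or from Microsoft; it reads the attribute with Python's `os.getxattr` on macOS and accepts an injected reader so it can be exercised with constructed data elsewhere. It assumes (this is not described in the article) that the attribute value is a semicolon-separated string of hex flags, a hex epoch timestamp, the name of the agent that set it, and an optional identifier.

```python
import os
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional

# Extended attribute that browsers set on downloaded files so Gatekeeper
# assesses them before first launch.
QUARANTINE_XATTR = "com.apple.quarantine"


@dataclass
class QuarantineInfo:
    flags: int       # quarantine flag bits
    timestamp: int   # seconds since the Unix epoch
    agent: str       # name of the app that set the attribute (e.g. a browser)
    identifier: str  # optional identifier, may be empty


def parse_quarantine(value: str) -> QuarantineInfo:
    """Parse a quarantine attribute value.

    Assumed format (not taken from the article): 'flags;timestamp;agent[;identifier]'
    with flags and timestamp encoded in hexadecimal.
    """
    parts = value.split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags = int(parts[0], 16)
    timestamp = int(parts[1], 16)
    agent = parts[2]
    identifier = parts[3] if len(parts) > 3 else ""
    return QuarantineInfo(flags, timestamp, agent, identifier)


def read_quarantine(path: str) -> Optional[str]:
    """Read the quarantine attribute from disk; None when it is absent."""
    try:
        return os.getxattr(path, QUARANTINE_XATTR).decode("utf-8", "replace")
    except OSError:
        # ENODATA/ENOATTR (attribute missing) or the file is unreadable.
        return None


def audit_downloads(paths: Iterable[str],
                    reader: Callable[[str], Optional[str]] = read_quarantine
                    ) -> Dict[str, str]:
    """Return a verdict per path.

    'unquarantined' marks files that Gatekeeper would never assess, which is
    exactly the condition an Achilles-style bypass produces.
    """
    verdicts: Dict[str, str] = {}
    for path in paths:
        raw = reader(path)
        if raw is None:
            verdicts[path] = "unquarantined"
            continue
        try:
            info = parse_quarantine(raw)
        except ValueError:
            verdicts[path] = "malformed"
            continue
        verdicts[path] = f"quarantined by {info.agent}"
    return verdicts


def list_downloads(folder: str = os.path.expanduser("~/Downloads")) -> list:
    """Collect regular files directly under a folder (no recursion)."""
    if not os.path.isdir(folder):
        return []
    return [os.path.join(folder, name) for name in sorted(os.listdir(folder))
            if os.path.isfile(os.path.join(folder, name))]


# Constructed sample data standing in for real xattr reads, so the audit
# can be demonstrated on any system.
SAMPLE_XATTRS = {
    "/tmp/Downloads/report.pdf": "0083;63a1b2c3;Safari;CONSTRUCTED-ID",
    "/tmp/Downloads/tool.app": None,            # attribute never set
    "/tmp/Downloads/odd.zip": "garbage",        # unparsable value
}


def sample_reader(path: str) -> Optional[str]:
    return SAMPLE_XATTRS.get(path)


if __name__ == "__main__":
    for path, verdict in audit_downloads(list_downloads()).items():
        print(f"{verdict:25} {path}")
```

On a Mac, run the script as-is to list each file in `~/Downloads` with its verdict; an "unquarantined" entry for something you know came from a browser is worth a second look, and `spctl --assess --type execute` on the file shows what Gatekeeper itself would decide.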

Microsoft revealed that Lockdown Mode, a new extreme security feature Apple recently introduced for its users, isn't effective against Achilles. That isn't surprising: Lockdown Mode is designed to defend against zero-click remote code execution exploits, not against a Gatekeeper bypass.

On the plus side, if you're a macOS user, you shouldn't worry, provided you've installed the latest updates. Apple rectified the Achilles security bug in macOS Ventura 13, macOS Big Sur 11.7.2 and macOS Monterey 12.6.2.

Microsoft notes that this isn't the first time that Gatekeeper faced security vulnerabilities. In past years, malware families such as Shlayer took advantage of Gatekeeper's flaws to wreak havoc on users' devices.

Kimberly Gedeon
