February 27, 2024

Apple is fixing a bug that allowed malicious apps to bypass security

If you have a Macbook or any macOS device, you are in danger and you didn’t even know it. An error has been detected – and has already been fixed by Apple – in the security of the operating system.

Read more: Do you know what is the best app for Apple in 2022?

The flaw, tracked as CVE-2022-42821, allowed malicious apps to bypass macOS security. This vulnerability bypasses Gatekeeper protection for the operating system.

However, this is not the first time that Apple has introduced security holes in its operating system. In April 2021, Apple also fixed a flaw that allowed Shlayer malware to bypass Gatekeeper.

What is Gatekeeper and how does macOS secure it?

First introduced into the operating system in 2012, Gatekeeper was designed to allow only software you trust — or at least from trusted developers — to run on macOS. It automatically performs a Criminal Background Check on all downloaded apps.

Find out the failure

The first person to notice a flaw in Apple’s operating system was Jonathan Bar-Orr, a principal security researcher at Apple’s competitor Microsoft. In a post on the Windows corporate blog, he explains that macOS performs a kind of “isolation” with apps downloaded from a browser, before checking.

Malicious apps use a file permissions model called access control lists. Thus, it adds restricted permissions to the file. In this way, they prevent downloaded content from entering Gatekeeper’s “quarantine”.

Microsoft reported the security system bug in July, but the bug was only fixed in early December.

Palliative solutions

Lock mode, a feature apples Implemented earlier this year, it can help users prevent cyberattacks. However, it did not protect users from the newly discovered flaw.

Source: Yahoo news