Apple: Microsoft reveals a serious vulnerability in macOS

Apple: Microsoft svela una grave vulnerabilità su macOS thumbnail

Microsoft e Apple have worked together to solve a problem in the macOS Gatekeeper security systemdiscovered in July 2022 and promptly resolved by the Cupertino multinational.

The flaw in the macOS Gatekeeper system discovered by Microsoft

The identified bug could have allowed too many cybercriminals to bypass the security system Gatekeepers at Apple – deputy for the protection of Macs by allowing only trusted and therefore verified apps to be installed – by infecting computers with malware and other threats.

To demonstrate the vulnerability found, Microsoft created a exploit proof-of-concept called “Achille“.

Obviously, once the flaw was identified, Microsoft promptly notified Apple using the Coordinated Vulnerability Disclosure (CVD) tramite Microsoft Security Vulnerability Research (MSVR).

The fixes for the vulnerability, identified as CVE-2022-42821were then quickly released by Apple for macOS 13 (Coming), macOS 12.6.2 (Monterey) e macOS 1.7.2 (Big Sur).

Having identified and resolved a security problem is good news for all Mac computer owners, as Gatekeeper has always been an indispensable tool for keeping Apple devices safe from malicious people.

But how does this security system work?

Gatekeepers, how does it work?

In recent years Apple has focused a lot on security policies and the current design of Gatekeeper follows a twofold behavior for downloaded apps:

  • if the app is approved by Apple, user consent must be obtained before launch;
  • if the app is not trusted, the user is immediately warned that it cannot be run.

However, it remains noteworthy that one of the most effective security systems fell victim to a bug, demonstrating that the flaw identified by Microsoft exposes the stark reality: even the best ones like Gatekeeper have weaknesses.

Fortunately, the collaboration between the two companies can give us peace of mind, as Apple and Microsoft are at the forefront of fighting cyberthreats on a daily basis.