macOS Archive Utility Bug Lets Malicious Apps Bypass Security Checks
Exploit allows unsigned and unnotarized macOS applications to bypass Gatekeeper and other security, without notifying the user.
New details about a known vulnerability in the macOS Archive Utility have emerged, showing that a cyberattacker armed with just the right specialty archive could exploit it to execute a malicious application while bypassing security checks — without the user ever being notified.
The vulnerability, discovered by Jamf Threat Labs and tracked as CVE-2022-32910, affects the Archive Utility, an Apple tool that allows users to easily create and send archives. The team said it discovered the flaw during research into general archiving feature security.
"Although our testing was done with Apple Archives, the same bypass can be achieved with other archive formats such as .ZIP archives, in which case the .ZIP file could be created while within the app directory," the disclosure noted.
The Jamf team reported the macOS bug to Apple on May 31 and said Apple issued a patch on July 20 — but it's just now releasing technical details. Out-of-date end users should update to the latest macOS version to avoid compromise.
About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
September 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
September 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
October 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
October 30, 2024
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024