Microsoft has found a bug affecting macOS that allows malware to bypass Apple’s operating system security controls. We strongly recommend that you update your Mac to apply the fix.
After being alerted by Microsoft, Apple has fixed a critical flaw that allows hackers to deploy malware on devices running macOS. Apps could then bypass the application execution restrictions normally enforced by Gatekeeper, a security mechanism of the operating system.
Microsoft launches the alert
It was Jonathan Bar Or, security researcher at Microsoft, who set off the alarm bells. He found a security flaw tracked as CVE-2022-42821 and nicknamed “Achilles”. The vulnerability was patched by Apple on December 13 in macOS 13 Ventura, macOS 12.6.2 Monterey and macOS 11.7.2 Big Sur.
If you are unfamiliar with Gatekeeper, it is a technology designed to ensure that only trusted software runs on your Mac. Gatekeeper performs online checks for the presence of known malware. By bypassing this security system, malware contained in a ZIP file could be deployed on the system.
Microsoft said that “Apple’s Lockdown Mode, introduced in macOS Ventura as an optional protection feature for high-risk users who could be personally targeted by a sophisticated cyberattack, aims to stop zero-click remote code execution exploits. This is the reason why it could not defend against Achilles. All users should apply this hotfix.”
macOS is far from flawless
macOS may be a fine operating system, but it is not spared by hackers, who have already managed to defeat its security on multiple occasions. Indeed, the various macOS protection systems have already been subject to critical flaws. The same researcher who found the vulnerability we’re talking about today reported a flaw in 2021 that allows hackers to bypass System Integrity Protection. Hackers could then perform arbitrary operations on a compromised Mac.
In April 2021, Apple also patched a zero-day vulnerability in macOS. It allowed the actors behind the Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper and Notarization security checks in order to download more malware to infected Macs.
In September 2022, Apple had already fixed no less than eight zero-day flaws since the start of the year. These security issues led Apple to implement more effective anti-malware protection with the discreet arrival of XProtect Remediator. Apple seems to be “paying” for the success of its machines equipped with M1 and M2 chips, which has drawn hackers’ interest to the American company’s OS.
If you have a macOS machine and haven’t updated the OS recently, we recommend that you do so. Go to your Mac’s settings to download the patch deployed by Apple and effectively protect yourself from this new threat.
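For anyone checking several Macs at once, the fixed releases (macOS 13 Ventura, 12.6.2 Monterey, 11.7.2 Big Sur) can be turned into a version check. This is an added example, not code from Microsoft or Apple; the function names and the inventory are constructed, and treating releases newer than 13 as fixed is an assumption.

```shell
#!/bin/sh
# Added example: classify macOS versions against the fixed releases for
# CVE-2022-42821 (13 Ventura, 12.6.2 Monterey, 11.7.2 Big Sur).

# Print "major minor patch" for a dotted version; fail on malformed input.
parse_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0}" # missing fields count as 0
}

# at_least MINOR PATCH REQ_MINOR REQ_PATCH: true when minor.patch >= required.
at_least() {
    [ "$1" -gt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ]; }
}

# Print patched | vulnerable | no-fix-listed | invalid for a version string.
achilles_status() {
    parsed=$(parse_version "$1") || { echo invalid; return; }
    set -- $parsed
    major=$1; minor=$2; patch=$3
    if [ "$major" -ge 13 ]; then
        echo patched               # assumption: releases after 13 keep the fix
    elif [ "$major" -eq 12 ]; then
        if at_least "$minor" "$patch" 6 2; then echo patched; else echo vulnerable; fi
    elif [ "$major" -eq 11 ]; then
        if at_least "$minor" "$patch" 7 2; then echo patched; else echo vulnerable; fi
    else
        echo no-fix-listed         # no fixed release is named for older macOS
    fi
}

# Constructed inventory (hostname, version). On a real Mac the version
# comes from: sw_vers -productVersion
inventory='mac-a 13.0.1
mac-b 12.6.1
mac-c 11.7.2
mac-d 10.15.7'

printf '%s\n' "$inventory" | while read -r host ver; do
    printf '%-6s %-8s %s\n' "$host" "$ver" "$(achilles_status "$ver")"
done
```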