Microsoft discovered the 'Achilles heel' of macOS's security tool

News
By published

Microsoft and Apple worked together to fix a security issue in macOS.

13-inch MacBook Pro with M2 chip
(Image credit: Future)

What you need to know

  • Microsoft discovered a vulnerability in macOS in July 2022 that could be used to bypass the Gatekeeper security mechanism.
  • The vulnerability was disclosed in the same month and was quickly addressed by Apple.
  • Apple shipped an update that addresses the bug for macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 1.7.2 (Big Sur).

Back in July 2022, Microsoft discovered a security vulnerability in macOS. A bug allowed attackers to bypass Apple's Gatekeeper security mechanism, which protects computers by only allowing trusted apps to be installed. The discovered vulnerability, if left unpatched, could allow threat actors to get malware onto systems.

Microsoft dubbed its proof-of-concept that exploited the vulnerability "Achilles" and informed Apple of the issue through Coordinated Vulnerability Disclosure.

Microsoft goes into detail about how the vulnerability was discovered and the implications of such an issue in a recent post. The breakdown is useful for security experts and researchers but is more in-depth than most everyday users need. The main takeaway is that Microsoft discovered the security risk, informed Apple, and Apple fixed the issue quickly.

Updates to address the Achilles vulnerability were shipped to macOS 13 (Ventura), macOS 12.6.2 (Monterey), and macOS 1.7.2 (Big Sur) on December 13, 2022 (via Bleeping Computer).

How macOS secures systems

Several security features and layers of protection make it harder for attackers to get malware and other malicious programs onto macOS. When anyone downloads an app through a browser on macOS, be it Safari or another browser, a marker is added to the file. Apple's Gatekeeper and other tools then enforce mitigations and other protections. For example, if Gatekeeper finds an app that is not signed and notarized, it will tell a person that the app cannot be run because it's not trusted.

The system is not perfect, however, as noted by Microsoft:

"Due to its essential role in stopping malware on macOS, Gatekeeper is a helpful and effective security feature. However, considering there have been numerous bypass techniques targeting the security feature in the past, Gatekeeper is not bulletproof. Gaining the ability to bypass Gatekeeper has dire implications as sometimes malware authors leverage those techniques for initial access."

Security vulnerabilities are common, and companies such as Apple and Microsoft combat them frequently. The Achilles bug is noteworthy because Microsoft discovered the issue within macOS.

Sean Endicott
Sean Endicott
News Writer and apps editor

Sean Endicott is a news writer and apps editor for Windows Central with 11+ years of experience. A Nottingham Trent journalism graduate, Sean has covered the industry’s arc from the Lumia era to the launch of Windows 11 and generative AI. Having started at Thrifter, he uses his expertise in price tracking to help readers find genuine hardware value.

Beyond tech news, Sean is a UK sports media pioneer. In 2017, he became one of the first to stream via smartphone and is an expert in AP Capture systems. A tech-forward coach, he was named 2024 BAFA Youth Coach of the Year. He is focused on using technology—from AI to Clipchamp—to gain a practical edge.