AndroidPure
  • Leaks
  • News
  • Reviews
  • Updates
  • How to
No Result
View All Result
  • Leaks
  • News
  • Reviews
  • Updates
  • How to
No Result
View All Result
AndroidPure
No Result
View All Result

macOS Gatekeeper flaw: How Microsoft found the Achilles bug

Ashwin Karthik by Ashwin Karthik
July 5, 2026
in News

Microsoft has revealed how it discovered a security flaw in macOS Gatekeeper. The vulnerability has been termed as Achilles.

Microsoft reveals details about how it discovered a security flaw in macOS Gatekeeper

For those unaware, Gatekeeper is a security feature that protects your Mac, it does so by only allowing trusted software to run on it, it’s sort of like an antivirus. The security issue has been referenced as CVE-2022-42821. It has a severity rating of 5.5, which means it is a medium level threat.

Microsoft says that it analyzed the threat, and shared its findings with Apple in July through Microsoft Security Vulnerability Research, in order to help protect macOS users from potential attacks.

Apple patched the Achilles heel security flaw in macOS Ventura that was released on October 24th, and later in macOS Monterey 12.6.2 and macOS Big Sur 11.7.2, which were rolled out on December 13th. In its security notes, the Cupertino company had mentioned that the vulnerability could allow an app to bypass Gatekeeper checks, and that it a logic issue had been addressed with improved checks.

Achilles vulnerability in macOS Gatekeeper

 

How Microsoft discovered the Achilles vulnerability in macOS

That doesn’t explain much, but an article on Microsoft’s security blog goes into the details. It is a bit on the technical side, so I’ll try to simplify it here. Microsoft says that macOS devices usually get infected as a result of users running fake apps that they may have downloaded from third-party sources, i.e. outside the App Store.

When a user downloads a file through their web browser, macOS assigns an extended attribute to it called com.apple.quarantine. The browser saves the metadata of a downloaded file in the above-mentioned attribute, and it contains some information such as flag;date;agent_name;UUID.

This is used by Gatekeeper to enforce some security policies. macOS usually warns you when you are trying to install something downloaded from the internet, that’s because Gatekeeper read its extended attribute, and recognized it as an app from an unknown source. After analyzing past security vulnerabilities that were present in macOS, Microsoft security researchers identified a specific one, referenced as CVE-2021-1810. The loophole, which was patched a year ago, would create a symbolic link to an app residing in long path results (more than 886 characters). Such symbolic links didn’t have the special attribute assigned to them. The researchers looked for a way to make metadata persist over archives.

They came to know that when a file is copied, macOS uses a mechanism called AppleSingle, to add a binary blob to the contents of the file. A second mechanism, known as AppleDouble, saves the file’s metadata separately in a different file next to the original, by adding a “.” prefix. While extracting a file from an archive, macOS processes the metadata stored in the AppleDouble file, and assigns it to the target file when it is extracted.

Microsoft’s team studied the source code of the unarchiving tool, and found an extended attribute called com.apple.acl.text, that was related to Access Control Lists. ACLs are one of the ways that macOS uses to handle permissions for files, including the ability to write attributes, extended attributes, set the ownership of the file, delete the file, and even set ACLs to it.

 

The security researchers designed a proof-of-concept exploit that targeted these mechanisms. It included creating a fake directory structure, an arbitrary icon and the payload (malware). Then they created an AppleDouble file with the ACL attribute mentioned above, and set a restrictive value to it. The final step was to create an archive with the contents and host it on a server. In other words, the proof-of-concept malware was packaged in a ZIP file, and this allowed them to bypass Gatekeeper.

macOS Gatekeeper Achilles heel vulnerability

Images via Microsoft

Given the rather low severity level, and the fact that the vulnerability has been patched, I don’t think users have to be worried about it. But the proof-of-concept was definitely an interesting one. One thing that intrigued me in the Microsoft’s article was that the Lockdown Mode that debuted in macOS Ventura cannot protect users against the Achilles vulnerability, users need to update macOS to patch the flaw.

Tags: AppleMacMacOSMicrosoft
ShareTweetSendShare
Previous Post

Poco C50 to launch soon in India

Next Post

Samsung Galaxy F04 to launch on January 4th

Ashwin Karthik

Ashwin Karthik

Originally a Business Grad, Ashwin is a natural at testing and reviewing apps & games for Windows and Android Apps, as well as flashing ROMs. A proud owner of a Redmi K20, he is also an avid gamer and loves playing on his Computer, PS4 & Nintendo consoles.

Follow Us

  • 914 Followers

Popular

  • Motorola Edge 70 Max official teaser showing Qi2 magnetic wireless charging

    Motorola Edge 70 Max launches July 15 in India: Qi2 magnetic charging

    Share
    Share Tweet
  • Nothing Phone (4b) launched in India: Price, Specs and RCB Edition

    Share
    Share Tweet
  • Galaxy Unpacked Set for July 22: Fold 8 Reservations Open in India

    Share
    Share Tweet
  • iQOO Z11 Lite India launch set for July 24: What’s confirmed

    Share
    Share Tweet
  • Google Photos floating bottom bar rolls out on Android

    Share
    Share Tweet
  • Google Photos Video Remix: How to Use the New AI Video Editor

    Share
    Share Tweet
  • Pixel 11 launch date confirmed: Made by Google 2026 event set for August 12

    Share
    Share Tweet

Latest

Samsung Health app AI features on Galaxy phone

Samsung Health Asks: Consent to AI Training or Lose Your Synced Data

July 12, 2026
Google Photos Video Remix feature powered by Gemini Omni

Google Photos Video Remix: How to Use the New AI Video Editor

July 12, 2026

Tensor G6 MediaTek Modem: Pixel 11 Pro Fold FCC Filing (Rumor)

July 11, 2026
Motorola Edge 70 Max official teaser showing Qi2 magnetic wireless charging

Motorola Edge 70 Max launches July 15 in India: Qi2 magnetic charging

July 11, 2026
Android 17 update on Google Pixel phones

Android 17 Beta: Exit to Stable Without Wiping Your Pixel

July 10, 2026
Samsung's Noida smartphone manufacturing plant in India

India Smartphone Import Duty: Exemptions Extended to 2029

July 10, 2026
iQOO Z11 Lite official teaser showing the Solar Flame colourway and rear camera design ahead of its July 24 India launch

iQOO Z11 Lite India launch set for July 24: What’s confirmed

July 10, 2026
AndroidPure

© 2024 AndroidPure - NonStop Android.

Navigate Site

  • Privacy
  • About Us
  • Tip Us
  • Contact Us

Follow Us

No Result
View All Result
  • Leaks
  • News
  • Reviews
  • Updates
  • How to

© 2024 AndroidPure - NonStop Android.