Home>Blog>The Hacker News Headlines>Details Released for Recently Patched new macOS Archive Utility Vulnerability
The Hacker News Headlines

Details Released for Recently Patched new macOS Archive Utility Vulnerability

macOS Archive Utility Vulnerability

Security researchers have shared details about a now-addressed
security flaw in Apple’s macOS operating system that could be
potentially exploited to run malicious applications in a manner
that can bypass Apple’s security measures.

The vulnerability, tracked as CVE-2022-32910[1], is rooted in the
built-in Archive Utility and “could lead to the execution of an
unsigned and unnotarized application without displaying security
prompts to the user, by using a specially crafted archive,” Apple
device management firm Jamf[2]
said in an analysis.

CyberSecurity

Following responsible disclosure on May 31, 2022, Apple
addressed the issue as part of macOS Big Sur
11.6.8[3] and Monterey
12.5[4] released on July 20,
2022. The tech giant, for its part, also revised the earlier-issued
advisories as of October 4 to add an entry for the flaw.

Apple described the bug as a logic issue that could allow an
archive file to get around Gatekeeper checks, which is designed so
as to ensure that only trusted software runs on the operating
system.

The security technology achieves this by verifying that the
downloaded package is from a legitimate developer and has been
notarized by Apple – i.e., given a stamp of approval to ensure it’s
not been maliciously tampered with.

Vulnerability

“Gatekeeper also requests user approval before opening
downloaded software for the first time to make sure the user hasn’t
been tricked into running executable code they believed to simply
be a data file,” Apple notes[5]
in its support documentation.

It’s also worth noting archive files downloaded from the
internet are tagged with the “com.apple.quarantine” extended
attribute, including the items within the file, so as to trigger a
Gatekeeper check prior to execution.

But in a peculiar quirk discovered by Jamf, the Archive Utility
fails to add the quarantine attribute to a folder “when extracting
an archive containing two or more files or folders in its root
directory.”

CyberSecurity

Thus by creating an archive file with the extension
“exploit.app.zip,” it leads to a scenario where an unarchival
results in the creation of a folder titled “exploit.app,” while
also lacking the quarantine attribute.

This application “will bypass all Gatekeeper checks allowing an
unnotarized and/or unsigned binary to execute,” Jamf researcher
Ferdous Saljooki, who discovered the flaw, said. Apple said it
resolved the vulnerability with improved checks.

The findings come more than six months after Apple addressed
another similar flaw[6]
in macOS Catalina, Big Sur 11.6.5, and Monterey 12.3 (CVE-2022-22616[7]) that could allow a
malicious ZIP archive to bypass Gatekeeper checks.

References

  1. ^
    CVE-2022-32910
    (www.jamf.com)
  2. ^
    Jamf
    (www.jamf.com)
  3. ^
    macOS
    Big Sur 11.6.8     (support.apple.com)
  4. ^
    Monterey
    12.5     (support.apple.com)
  5. ^
    notes
    (support.apple.com)
  6. ^
    another
    similar flaw     (www.jamf.com)
  7. ^
    CVE-2022-22616
    (nvd.nist.gov)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.