“As we learned from CVE-2022-22616-when it comes to application bundles, Gatekeeper only cares if the app directory itself has a quarantine attribute set and disregards recursive files within the app bundle,” researchers noted. “This brought us to the testing of the macOS Archive Utility, where we discovered that creating an Apple Archive with a similar command will also result in bypassing Gatekeeper and all security checks upon execution,” the researchers said. That prompted the team to look into “other archiving features that might suffer from similar issues,” the researchers wrote in a blog post. “At a low level, this vulnerability existed within the parsing of the bill of materials (BoM) when an application was placed within a zip file using a syntax” like zip -r test.app/Contents test.zip. Jamf researchers “identified a vulnerability in the Safari Web Browser that could bypass Gatekeeper checks by leveraging a crafted ZIP archive ( CVE-2022-22616)” earlier this year. “The Gatekeeper functionality in Apple’s macOS is there to provide an added layer of security, so any vulnerability that can bypass it is problematic,” said Mike Parkin, senior technical engineer at Vulcan Cyber.īecause the Archive Utility does not tag files with a “” attribute, Gatekeeper would not check those files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |