This bug would allow a threat actor to bypass the Gatekeeper security feature on Apple’s macOS. This is the mechanism that protects Mac machines by preventing untrusted apps from installing. However, the vulnerability found by Microsoft would allow an attacker to install a malicious app onto the system. Microsoft also developed a proof-of-concept (PoC) to show it could work if left unpatched. Called “Achilles”, the bug was disclosed to Apple through the Coordinated Vulnerability Disclosure.
Fix
In a blog post, Microsoft describes the bug and the dangers it could pose if exploited by the wrong people. Essentially, the company says that there is a security risk, Microsoft told Apple, and Apple then issued a fix. “After carefully reviewing the implications, we shared the vulnerability with Apple in July 2022 through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Fixes for the vulnerability, now identified as CVE-2022-42821, were quickly released by Apple to all their OS versions. End-users should apply the fix regardless of their Lockdown Mode status. We thank Apple for the collaboration in addressing this issue.” If you want to dive into the details and specifics, the blog post is perfect for security experts and researchers. Tip of the day: After years of hefting a laptop around, you inevitably build up a menagerie of Wi-Fi networks. For the most part, they’ll sit on your PC, hardly used, but at times a change in configuration can make it difficult to connect to a network your computer already remembers. At this point, it can be beneficial to make Windows forget a Wi-Fi network and delete its network profile.