![]() ![]() “While this vulnerability would still require an attacker to get their target to download the payload and launch it locally, the problem shouldn’t be discounted,” said Parkin. Only the files and folders within the app should be archived, excluding the test.app directory.This causes the auto-renaming of the temporary directory as described in the vulnerability section. There should be two or more files or folders in the root of the target directory being archived (i.e., test.app/ and test.app/).Researchers noted the following conditions are needed for the flaw to be exploited: To exploit this latest flaw, they proved they could bypass Gatekeeper by ensuring their non-quarantined folder, which they named myPictures, was an application. “As we learned from CVE-2022-22616-when it comes to application bundles, Gatekeeper only cares if the app directory itself has a quarantine attribute set and disregards recursive files within the app bundle,” researchers noted. “This brought us to the testing of the macOS Archive Utility, where we discovered that creating an Apple Archive with a similar command will also result in bypassing Gatekeeper and all security checks upon execution,” the researchers said. ![]() That prompted the team to look into “other archiving features that might suffer from similar issues,” the researchers wrote in a blog post. “At a low level, this vulnerability existed within the parsing of the bill of materials (BoM) when an application was placed within a zip file using a syntax” like zip -r test.app/Contents test.zip. Jamf researchers “identified a vulnerability in the Safari Web Browser that could bypass Gatekeeper checks by leveraging a crafted ZIP archive ( CVE-2022-22616)” earlier this year. “The Gatekeeper functionality in Apple’s macOS is there to provide an added layer of security, so any vulnerability that can bypass it is problematic,” said Mike Parkin, senior technical engineer at Vulcan Cyber.īecause the Archive Utility does not tag files with a “” attribute, Gatekeeper would not check those files. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |