New macOS Archive Utility Vulnerability Allows Malware to Bypass Gatekeeper Security, But An Update Patches the Hole


Highlighting the need to keep your Mac up-to-date with the latest operating system updates, security researchers announced a new threat. A vulnerability in the macOS Archive Utility could lead to unwanted software bypassing Gatekeeper security measures. Apple patched the hole months ago, so you should be safe if you regularly update macOS.

Security Vulnerability in macOS Archive Utility Lets Hackers Waltz Through Gatekeeper Unnoticed

The flaw was first discovered by Jamf Threat Labs in May. The researchers reported it to Apple on May 31, and the Cupertino-based tech giant promptly patched it. The vulnerability is tracked as CVE-2022-32910, and the fix was included in macOS Monterey 12.5. Jamf Threat Labs only recently disclosed the vulnerability in a public blog post.

In essence, the vulnerability allowed hackers to build a specially-crafted archive that could lead to a user unknowingly running an unsigned, unnotarized application. All of this would happen without macOS displaying the usual security prompts.

The technique completely sidesteps an earlier archive-related bug in Safari. Instead, it relies on the user double-clicking a compressed file created in the Apple Archive format. By default, macOS opens such files in its native Archive Utility.

In certain cases, Archive Utility fails to give some of the unarchived files the quarantine attribute telling macOS to analyze the file before running it. Abusing this flaw would allow hackers to circumvent Gatekeeper along with other macOS security checks.
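A defender can check for this condition by walking a freshly extracted folder and listing every item that lacks the quarantine attribute (`com.apple.quarantine`). The sketch below is an added example, not code from Jamf or Apple; the function names, the `Demo.app` tree and the sample attribute value are constructed, and which item is left untagged in the demo is an arbitrary choice, not a description of the real bug.

```python
import os
import subprocess
import tempfile

QUARANTINE = "com.apple.quarantine"

def read_quarantine(path):
    """Raw attribute value via the macOS xattr tool, or None when it is absent."""
    proc = subprocess.run(["xattr", "-p", QUARANTINE, path],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None

def parse_quarantine(value):
    """Split 'flags;timestamp;agent;uuid' (flags and timestamp are hex)."""
    fields = value.split(";")
    return {"flags": int(fields[0], 16),
            "timestamp": int(fields[1] or "0", 16),
            "agent": fields[2] if len(fields) > 2 else ""}

def audit_extraction(root, reader=read_quarantine):
    """Return (missing, tagged): paths under root without the attribute,
    and a map of tagged paths to the agent recorded in the attribute."""
    missing, tagged = [], {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            value = reader(path)
            if value is None:
                missing.append(rel)
            else:
                tagged[rel] = parse_quarantine(value)["agent"]
    return sorted(missing), tagged

def demo():
    """Constructed tree and attribute table standing in for a real extraction."""
    sample = "0083;62960000;Safari;00000000-0000-0000-0000-000000000000"  # constructed
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Demo.app", "Contents", "MacOS"))
        binary = os.path.join(root, "Demo.app", "Contents", "MacOS", "Demo")
        open(binary, "w").close()
        # Simulated outcome: every item is tagged except one file.
        fake = lambda p: None if p == binary else sample
        return audit_extraction(root, reader=fake)

if __name__ == "__main__":
    import sys
    missing, _ = audit_extraction(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print("\n".join(missing) or "all extracted items carry the quarantine attribute")
```

On a Mac, pass the extracted folder as the first argument to audit it with the real `xattr` tool; with no argument the script runs the constructed demo.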

The Importance of Regularly Running Software Update

Jamf disclosed the flaw to Apple at the end of May, and Cupertino patched it in July. However, we all know folks who rarely, if ever, install updates to macOS. In this instance, we’ve got a great example of why it is so important to run Software Update regularly.

If you or someone you know doesn’t already practice their due diligence in installing software updates, now might be a good time to start. You can check for and install the latest version of macOS by going to System Preferences > Software Update and making sure you are running macOS 12.5.1 Monterey or later.
