English

Superior Quality, Competitive Price And Timely Service

View All Products

Environmental Protection Material

View All Products

100% Eco-Fiendly Material

View All Products

MacOS vulnerability allows threat actors to bypass Apple Gatekeeper | Cybersecurity Dive

2022-12-21 16:26:47 By : Mr. Charlie luo

Gatekeeper has been a frequent target of threat activity in recent years, and researchers, as part of their proof of concept exploit, identified different mechanisms to bypass the security feature. Threat actors can: 

Microsoft researchers pointed out a few examples of Gatekeeper bypass that were previously assigned common vulnerability and exposure (CVE) numbers. 

In one example, CVE-2021-1810 involved the assignment of the quarantine attribute. In this example, a path longer than 886 characters fails to inherit the com.apple.quarantine extended attribute, as outlined by researchers from With Secure . 

Microsoft shared research about the issue with Apple in July through coordinated vulnerability disclosure and Apple released fixes to all its operating systems, according to the blog. Apple did not immediately return a request for comment. 

Researchers from Zimperium said Gatekeeper is a strong process to make sure apps going through macOS are legit, but this layer of security is not enough by itself. 

“Whether they are targeting iOS or macOS, threat actors are looking for new and novel ways to bypass these OEM security tools that provide zero advanced threat protection and risk telemetry back to their security teams, leaving critical data and systems at great risk,” Richard Melick, director of threat reporting at Zimperium, said via email. 

Get the free daily newsletter read by industry experts

Tenure matters, but not as you might suspect. Median total cash compensation dropped for CISOs in their roles at least five years, Heidrick & Struggles found. 

Companies trying to fill cybersecurity roles need to stop looking for unicorns and expand their search to qualified, but often overlooked, job candidates.  

Subscribe to Cybersecurity Dive for top news, trends & analysis

Get the free daily newsletter read by industry experts

Want to share a company announcement with your peers?

Tenure matters, but not as you might suspect. Median total cash compensation dropped for CISOs in their roles at least five years, Heidrick & Struggles found. 

Companies trying to fill cybersecurity roles need to stop looking for unicorns and expand their search to qualified, but often overlooked, job candidates.  

The free newsletter covering the top industry headlines

Featured Products

News & Blog