Hackers exploit macOS vulnerability to run malicious applications

Attackers are exploiting a macOS vulnerability tracked as CVE-2022-32910 to execute malicious applications. The bug is described as a logic issue that could allow an archive file to bypass Gatekeeper checks that were originally developed to ensure that only trusted software is running on the operating system.

According to Apple device management firm Jamf, the bug is rooted in the built-in Archive Utility and “could lead to the execution of an unsigned and unnotatized application without displaying security prompts to the user, by using a specially crafted archive.”

The vulnerability was discovered by Jamf researcher Ferdous Saljooki.

Jamf discovered that the Archive Utility fails to add the quarantine attribute to a folder “when extracting an archive containing two or more files or folders in its root directory.” Therefore, creating an archive file with the extension “,” can lead to a situation where an unarchived folder called “” is created.

Saljooki explained that after the process, the application in question “will bypass all Gatekeeper checks that allow unauthorized and/or unsigned binary to run.”

Although the vulnerability was announced on May 31, 2022, Apple claimed to have fixed the issue in macOS Big Sur 11.6.8 and Monterey 12.5, which were released in July 2022. Apple also revised the advisories released on October 4 to add an entry for the vulnerability.

The sources for this piece include an article in TheHackerNews.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web