New macOS Gatekeeper vulnerability discovered

CVE-2022-42821 (via Bleeping Computer):

A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.


We developed a proof-of-concept exploit to demonstrate the vulnerability, which we call “Achilles”. Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS.



Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017)

Impact: An app may bypass Gatekeeper checks

Description: A logic issue was addressed with improved checks.

CVE-2022-42821: Jonathan Bar Or of Microsoft

Gatekeeper is the service that checks apps installed on macOS to ensure that they are notarised and signed by developers for distribution. This is a fascinating bug that works by leveraging AppleDouble and Access Control Lists (ACLs) to specify metadata allowing for the bypass of Gatekeeper checks.

Unfortunately those running the new Lockdown Mode introduced in macOS Ventura are also impacted by this issue and will need to update Ventura to fix the bug.