New particulars a couple of recognized vulnerability within the macOS Archive Utility have emerged, displaying that a cyberattacker armed with simply the correct specialty archive may exploit it to execute a malicious software whereas bypassing safety checks — with out the consumer ever being notified.
The vulnerability, found by Jamf Menace Labs and tracked as CVE-2022-32910, impacts the Archive Utility, an Apple software that permits customers to simply create and ship archives. The staff mentioned it found the flaw throughout analysis into basic archiving function safety.
“Though our testing was completed with Apple Archives, the identical bypass may be achieved with different archive codecs akin to .ZIP archives, wherein case the .ZIP file may very well be created whereas throughout the app listing,” the disclosure famous.
The Jamf staff reported the macOS bug to Apple on Could 31 and mentioned Apple issued a patch on July 20 — however it’s simply now releasing technical particulars. Out-of-date finish customers ought to replace to the most recent macOS model to keep away from compromise.