macOS Vulnerability Bypasses Gatekeeper

Gatekeeper on macOS enforces code signing and verifies downloaded applications before execution. However, it treats external drives and network shares as safe locations, so untrusted apps there can execute without user interaction. A vulnerability in macOS version 10.14.5 (Mojave) and below could allow threat actors to use the automount functionality to bypass Gatekeeper and execute arbitrary code without warning or the user's permission. At the time of this writing, no patches are available; however, disabling automatic mounting of network shares may serve as a workaround. The NJCCIC recommends users patch systems as updates become available. We encourage users to review the technical details and demonstration video in the BleepingComputer article.
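
One way to audit the workaround mentioned above, as an added example that is not part of the original advisory: it assumes the automatic mounting in question is the autofs `/net` map configured in `/etc/auto_master`. The function names and the sample map are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an autofs master map still has an active
# /net entry. Assumption: network shares are automounted through the /net
# map in /etc/auto_master, the standard autofs master map on macOS.

# Constructed sample map, used only for demonstration and testing.
sample_auto_master() {
cat <<'EOF'
# Automounter master map (constructed sample)
+auto_master            # Use directory service
/net    -hosts          -nobrowse,hidefromfinder,nosuid
/home   auto_home       -nobrowse,hidefromfinder
EOF
}

# Print active (uncommented) entries whose mount point is /net.
active_net_entries() {
    awk '
        /^[[:space:]]*#/ { next }   # skip comment lines
        /^[[:space:]]*$/ { next }   # skip blank lines
        $1 == "/net"     { print }  # mount point is the first field
    ' "$1"
}

# Return 0 if a /net map is active, 1 if not, 2 if the file is unreadable.
net_automount_enabled() {
    [ -r "$1" ] || return 2
    [ -n "$(active_net_entries "$1")" ]
}

# Human-readable audit; defaults to the system map when no path is given.
audit_auto_master() {
    file=${1:-/etc/auto_master}
    rc=0
    net_automount_enabled "$file" || rc=$?
    case $rc in
        0) echo "ENABLED: $file has an active /net map" ;;
        1) echo "DISABLED: no active /net map in $file" ;;
        *) echo "UNKNOWN: cannot read $file" ;;
    esac
    return "$rc"
}
```

Run `audit_auto_master` with no argument on a Mac to check the live configuration. Under the same assumption, an ENABLED result means the `/net` line has not been commented out.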