Skip to Content

macOS Archive Utility Vulnerability

Researchers at Jamf Threat Labs have discovered a remote code execution vulnerability in macOS Archive Utility. Jamf notified Apple about the issue on May 31, 2022; the flaw was fixed in July. Jamf found the Archive Utility vulnerability after detecting a flaw in Safari that could circumvent Gatekeeper checks earlier this year and decided to “research other archiving features that might suffer from similar issues.”


  • The flaw was fixed in macOS 12.5, released July 2022. Essentially, you leverage a flaw in the Safari browser to get it to unload a crafted archive file causing the quarantine bit to _NOT_ be set, which then bypasses the gatekeeper functions which prompt for permission prior to allowing execution of such a file. The fix is simple – apply the latest updates from Apple.


    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.