Date: 2024-10-18

Certain third-party utilities and applications can pose a threat to the integrity of a security feature on Apple macOS known as Gatekeeper. If Gatekeeper is bypassed, the user might not be protected from dangerous apps that could try to run malicious content, cybersecurity company Palo Alto Networks’ Unit 42 has reported.

Gatekeeper is a security mechanism that ensures only trusted software runs on macOS. When a user downloads software from sources other than the Apple App Store, Gatekeeper verifies that the software is authenticated, is not malicious and has not been tampered with.

One of the elements of Gatekeeper security is a metadata quarantine attribute that the browser adds to newly downloaded files. This attribute makes Gatekeeper verify and examine the binary before permitting execution of a freshly downloaded file. The user's consent is requested as part of this verification procedure.

However, some third-party utilities and apps related to archiving, virtualisation and Apple's native command-line tools—including Archiver, VMware Fusion and BetterZip—do not enforce the quarantine attribute, according to Unit 42 researchers.
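
To check whether files produced from a download still carry the quarantine attribute described above, a defender can audit them as in the following added example, which is not from the article or from Unit 42. The attribute name `com.apple.quarantine`, the `flags;timestamp;agent;event-id` value layout and the `/usr/bin/xattr` call are assumptions not stated in the article, and the file names and values are constructed.

```python
import subprocess
from datetime import datetime, timezone

ATTR = "com.apple.quarantine"  # attribute name: not stated in the article

def read_quarantine(path):
    """Raw attribute value from macOS's xattr tool, or None when it is absent."""
    r = subprocess.run(["/usr/bin/xattr", "-p", ATTR, path],
                       capture_output=True, text=True)
    return r.stdout.strip() if r.returncode == 0 else None

def _hex(field):
    try:
        return int(field, 16)
    except ValueError:
        return None

def parse_quarantine(value):
    """Split 'flags;timestamp;agent;event-id' (assumed layout, hex numbers)."""
    flags, stamp, agent, event_id = (value.split(";") + [""] * 4)[:4]
    secs = _hex(stamp)
    when = datetime.fromtimestamp(secs, tz=timezone.utc) if secs is not None else None
    return {"flags": _hex(flags), "time": when, "agent": agent, "event_id": event_id}

def audit(paths, reader=read_quarantine):
    """Return (tagged, missing): parsed records, and paths with no attribute."""
    tagged, missing = {}, []
    for path in paths:
        raw = reader(path)
        if raw:
            tagged[path] = parse_quarantine(raw)
        else:
            missing.append(path)
    return tagged, missing

# Constructed sample: a downloaded archive and two files unpacked from it.
SAMPLE = {
    "Downloads/tool.zip": "0083;6711a2f0;Safari;11111111-2222-3333-4444-555555555555",
    "Downloads/tool/README.txt": "0083;6711a2f0;Safari;11111111-2222-3333-4444-555555555555",
    "Downloads/tool/Tool.app": None,  # attribute was not carried over
}

if __name__ == "__main__":
    tagged, missing = audit(SAMPLE, reader=SAMPLE.get)
    for path, rec in tagged.items():
        print(f"quarantined  {path}  agent={rec['agent']} time={rec['time']}")
    for path in missing:
        print(f"NO ATTRIBUTE {path}")
```

On a Mac, calling `audit()` with real paths and the default reader queries each file through `xattr`; the sample run above uses the constructed table instead so it works anywhere.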