CVE-2022-22616: A Deep Dive into the Discovery of a Safari Vulnerability

Jamf security researchers discovered a vulnerability earlier this year and reported their findings to Apple. The issue is now patched and has been assigned CVE-2022-22616. Join Ferdous Saljooki from the Jamf Threat Labs team for a deep dive into vulnerability analysis.

Gatekeeper is a security feature built into macOS that prevents the user from executing potentially malicious and/or unwanted software. It is designed to ensure that only trusted software launches on a user’s system by verifying notarization and code signing information.

A vulnerability existed in the Safari browser that allowed a specially crafted zip to bypass all checks performed by Gatekeeper. This allowed for the execution of an application that was completely unsigned and un-notarized. Join us on this journey through macOS internals and research.