This is later used to enforce policies such as Gatekeeper.

A Gatekeeper bypass has dire implications, because malware authors sometimes leverage such techniques for initial access.

To demonstrate the Achilles vulnerability, Microsoft developed a proof-of-concept (POC) that examined AppleDouble files misusing ACLs.

To carry out the POC, Microsoft created a fake directory structure with an arbitrary icon and payload.

Perform the correct AppleDouble patching if using ditto to generate the AppleDouble file.

End-users should apply the fix regardless of their Lockdown Mode status.

source: www.techworm.net