This module exploits two CVEs that bypass Gatekeeper.
For CVE-2021-30657, this module serves an OSX app (as a zip) that contains no
Info.plist, which bypasses gatekeeper in macOS < 11.3.
If the user visits the site on Safari, the zip file is automatically extracted,
and clicking on the downloaded file will automatically launch the payload.
If the user visits the site in another browser, the user must click once to unzip
the app, and click again in order to execute the payload.
For CVE-2022-22616, this module serves a gzip-compressed zip file with its file header pointing
to the `Contents` directory which contains an OSX app. If the user downloads the file via Safari,
Safari will automatically decompress the file, removing its `com.apple.quarantine` attribute.
Because of this, the file will not require quarantining, bypassing Gatekeeper on
MacOS versions below 12.3.
msf > use exploit/osx/browser/osx_gatekeeper_bypass
msf exploit(osx_gatekeeper_bypass) > show targets
...targets...
msf exploit(osx_gatekeeper_bypass) > set TARGET < target-id >
msf exploit(osx_gatekeeper_bypass) > show options
...show and set options...
msf exploit(osx_gatekeeper_bypass) > exploit