By security practitioners, for security practitioners

macOS 11.3 Update Patches Anti-Malware Bypass Zero-Day

Apple released a software update on Monday to patch a vulnerability that allows malware to bypass the built-in protections in macOS. Users and administrators of macOS machines should update ASAP.


What’s the nature of the vulnerability?

Apple is notoriously tight-lipped about its vulnerabilities. This one is tracked as CVE-2021-30657, but the details Apple has published are limited to:

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved state management.


Discovered by researcher Cedric Owens, the bug allows an attacker to easily craft a macOS payload that goes unchecked by the strict security features specifically designed to keep malware out.

The vulnerability has been exploited in the wild by the macOS malware “Shlayer” to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.

Last summer, the authors of Shlayer successfully managed to get their malicious payloads through Apple’s automated notarizing process.

What’s the risk?

Unchecked malware can download ransomware, harvest credentials, exfiltrate data, establish persistent surveillance, and a host of other nasty things.

What versions of macOS are affected?

All versions prior to 11.3.

How can I protect against it?

In macOS, go to System Preferences > Software Update, and upgrade to macOS Big Sur 11.3.

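As an added example (not part of the original post), here is a POSIX shell helper an administrator could use to confirm the remediation across a fleet: it compares the reported macOS version against 11.3, the release the post names as the fix, and reports the Gatekeeper assessment state. The `check_host` function assumes it runs on macOS, where `sw_vers` and `spctl` exist; the version-comparison functions run anywhere.

```shell
#!/bin/sh
# Added example, not from the original post: report whether a Mac is at or
# above macOS 11.3 (the release that fixes CVE-2021-30657) and whether
# Gatekeeper assessment is still enabled.

# version_ge A B: succeed (return 0) if dotted version A >= B, compared
# numerically per component, so 11.10 > 11.3 and 11 == 11.0.
version_ge() {
  v1=$1; v2=$2
  while [ -n "$v1" ] || [ -n "$v2" ]; do
    a=${v1%%.*}; b=${v2%%.*}
    a=${a:-0};   b=${b:-0}
    [ "$a" -gt "$b" ] && return 0
    [ "$a" -lt "$b" ] && return 1
    case $v1 in *.*) v1=${v1#*.} ;; *) v1= ;; esac
    case $v2 in *.*) v2=${v2#*.} ;; *) v2= ;; esac
  done
  return 0
}

# assess_version VERSION: print "patched" or "vulnerable" for a productVersion
# string such as "11.2.3" or "10.15.7", using 11.3 as the fixed release.
assess_version() {
  if version_ge "$1" "11.3"; then echo patched; else echo vulnerable; fi
}

# check_host: run on the Mac itself. sw_vers and spctl exist only on macOS;
# on any other system it says so and returns 2.
check_host() {
  ver=$(sw_vers -productVersion 2>/dev/null) || { echo "not macOS"; return 2; }
  state=$(assess_version "$ver")
  echo "macOS $ver: $state for CVE-2021-30657"
  # spctl --status prints "assessments enabled" when Gatekeeper is on.
  spctl --status 2>/dev/null || echo "Gatekeeper status unavailable"
  [ "$state" = patched ]
}

# Only run the host check when invoked with --run, so the helpers can be
# sourced into other scripts without side effects.
if [ "${1:-}" = "--run" ]; then check_host; fi
```

Running `sh gatekeeper_check.sh --run` on a Mac exits non-zero when the host is still below 11.3, which makes it easy to feed into a fleet inventory job.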

References

Apple security updates:
https://support.apple.com/en-us/HT212325

Threat Post article:
https://threatpost.com/apple-patches-macos-bug-bypass-defenses/165611/

ZJ
