Apple released a software update on Monday to patch a vulnerability that allows malware to bypass the built-in protections in macOS. Users and administrators of macOS machines should update ASAP.
What’s the nature of the vulnerability?
Apple is notoriously tight-lipped about the details of its vulnerabilities. This one is tracked as CVE-2021-30657, but the information published by Apple is limited to:
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.
Discovered by researcher Cedric Owens, the bug allows an attacker to easily craft a macOS payload that goes unchecked by the strict security features specifically designed to keep malware out.
The vulnerability has been exploited in the wild by the Mac malware “Shlayer” to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.
Last summer, the authors of Shlayer successfully managed to get their malicious payloads through Apple’s automated notarizing process.
What’s the risk?
Unchecked malware can download ransomware, harvest credentials, exfiltrate data, establish persistent surveillance, and a host of other nasty things.
What versions of macOS are affected?
All versions prior to 11.3.
How can I protect against it?
In macOS, go to System Preferences > Software Update, and upgrade to macOS Big Sur 11.3.
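For anyone who manages more than one Mac, the practical check is whether each host is still below the patched release. The following POSIX shell snippet is an added example, not code from the original post; it assumes version strings are purely numeric dotted values as printed by `sw_vers -productVersion` (e.g. 10.15.7, 11.2.3), with no beta suffixes.

```shell
#!/bin/sh
# Added example: flag hosts still exposed to CVE-2021-30657, which Apple fixed in macOS 11.3.
# Assumes numeric dotted versions like "10.15.7" or "11.2.3" (no "beta"/"rc" suffixes).

PATCHED_VERSION="11.3"

# Compare two dotted version strings component by component.
# Prints -1 if $1 < $2, 0 if equal, 1 if $1 > $2. Missing components count as 0,
# so "11.3" and "11.3.0" compare equal and "11.3.1" sorts after "11.3".
version_compare() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ax="${a%%.*}"; bx="${b%%.*}"
    [ -z "$ax" ] && ax=0
    [ -z "$bx" ] && bx=0
    if [ "$ax" -lt "$bx" ]; then printf '%s\n' -1; return; fi
    if [ "$ax" -gt "$bx" ]; then printf '%s\n' 1; return; fi
    # Drop the component just compared; clear the string when no dot remains.
    case "$a" in *.*) a="${a#*.}";; *) a="";; esac
    case "$b" in *.*) b="${b#*.}";; *) b="";; esac
  done
  printf '%s\n' 0
}

# Succeeds (exit 0) when the given macOS version is older than the patched release.
is_vulnerable() {
  [ "$(version_compare "$1" "$PATCHED_VERSION")" -lt 0 ]
}

# Report on the current host. Only meaningful on macOS, where sw_vers exists;
# exit status 1 means "still vulnerable", 2 means "could not determine version".
report_host() {
  ver="$(sw_vers -productVersion 2>/dev/null)" || { echo "sw_vers not available; not macOS?"; return 2; }
  if is_vulnerable "$ver"; then
    echo "macOS $ver: VULNERABLE to CVE-2021-30657, update to $PATCHED_VERSION or later"
    return 1
  fi
  echo "macOS $ver: patched"
}
```

Run `report_host` from a fleet-management tool and alert on a non-zero exit status.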
Apple security updates:
Threat Post article: