27 April 21, 16:19
Quote: Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months.
Security researcher Cedric Owens first discovered the vulnerability, tracked as CVE-2021-30657 and patched in macOS 11.3, an update dropped by Apple on Monday. The vulnerability is particularly perilous to macOS users because it allows an attacker to very easily craft a macOS payload that goes unchecked by the strict security features built into the OS specifically to keep malware out.
“This bug trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk,” warned Patrick Wardle, an Apple security expert who runs the Objective-See Mac security tool site, in a blog post Monday. Owens asked Wardle to do a deeper technical dive of the bug after his initial analysis and report on it.
Owens said he tested his exploit for the bug successfully on macOS Catalina 10.15 – specifically on 10.15.7 – and on versions of macOS Big Sur before Big Sur 11.3, submitting a report to Apple about the vulnerability on March 25.
“This payload can be used in phishing and all the victim has to do is double-click to open the .dmg and double-click the fake app inside of the .dmg – no pop ups or warnings from macOS are generated,” Owens wrote in a post on his Medium blog Monday.
Read more: Apple Patches Zero-Day MacOS Bypass Bug | Threatpost