Apple Patches Zero-day Flaw Actively Exploited by Shlayer Malware

venustus

Level 58
Verified
Trusted
Content Creator
Dec 30, 2012
4,747
34,289
An actively exploited zero-day vulnerability in macOS has been patched by Apple. The vulnerability, one of the most serious flaws in macOS to be discovered, allows malware to bypass File Quarantine, Gatekeeper, and Notarization protections.
The vulnerability – tracked as CVE-2021-30657 – is due to a logic flaw in the macOS policy subsystem that performs security checks on applications. The flaw was identified by security researcher and Twilio security engineer Cedric Owens who reported the flaw to Apple on March 25, 2021. Owens developed a proof-of-concept exploit and successfully exploited the flaw in macOS Catalina 10.15 as well as versions of macOS Big Sur prior to version 11.3.
 
Top