Apple Patches Zero-day Flaw Actively Exploited by Shlayer Malware


An actively exploited zero-day vulnerability in macOS has been patched by Apple. The vulnerability, one of the most serious flaws in macOS to be discovered, allows malware to bypass File Quarantine, Gatekeeper, and Notarization protections.
The vulnerability, tracked as CVE-2021-30657, is due to a logic flaw in the macOS policy subsystem that performs security checks on applications. It was identified by security researcher and Twilio security engineer Cedric Owens, who reported it to Apple on March 25, 2021. Owens developed a proof-of-concept exploit and successfully exploited the flaw in macOS Catalina 10.15 as well as in versions of macOS Big Sur prior to version 11.3.