Security News > 2021 > April > Apple fixes macOS zero-day bug exploited by Shlayer malware
Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.
The Jamf Protect detection team discovered that starting January 2021, the Shlayer threat actors created unsigned and unnotarized Shlayer samples have begun exploiting a zero-day vulnerability, discovered and reported to Apple by security engineer Cedric Owens.
Today, Apple has released a security update to fix the vulnerability in macOS Big Sur 11.3 and block malware campaigns actively abusing it.
Intego's research team spotted Shlayer for the first time in a malware campaign in February 2018, camouflaged as a fake Adobe Flash Player installer just as many other malware families targeting macOS users.
In total, with today's security updates for macOS and iOS bugs exploited in the wild, Apple has addressed nine zero-days since November.
In January, Apple fixed a race condition bug in the iOS kernel and two WebKit security flaws.
News URL
Related news
- Ivanti zero-day attacks infected devices with custom malware (source)
- Apple fixes this year’s first actively exploited zero-day bug (source)
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Apple missed screenshot-snooping malware in code that made it into the App Store, Kaspersky claims (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- XCSSET macOS malware returns with first new version since 2022 (source)