Security News > 2021 > April > Apple Patches macOS Security Bypass Vulnerability Exploited by 'Shlayer' Malware
Apple has patched a serious security bypass vulnerability in macOS that has been exploited in the wild by at least one threat group.
The Big Sur update fixes nearly 60 security holes, including a logic issue tracked as CVE-2021-30657 that, Apple says, can allow a malicious application to bypass Gatekeeper checks.
The vulnerability can be exploited to bypass file quarantine, Gatekeeper and notarization using specially crafted applications.
Patrick Wardle, a researcher who specializes in the security of Apple products, published a lengthy blog post on Monday to describe the vulnerability and its root cause in detail.
Jamf researchers discovered that a variant of the Shlayer malware, which drops adware on infected devices, had been leveraging the vulnerability since at least January 9, 2021, to bypass file quarantine, notarization and Gatekeeper.
The developers of Shlayer have been known to come up with clever ways to bypass Apple security mechanisms.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-08 | CVE-2021-30657 | Unspecified vulnerability in Apple Mac OS X and macOS. A logic issue was addressed with improved state management. | 4.3 |