Apple patches macOS zero-day exploited by malware for months (CVE-2021-30657)
Apple has patched a critical macOS zero-day that has been exploited by Shlayer malware for months and has finally introduced/enabled the App Tracking Transparency feature and policy in iOS, iPadOS and tvOS.
A zero-day exploited by malware peddlers
Discovered by security researcher Cedric Owens and privately reported to Apple in March 2021, CVE-2021-30657 is a logic issue that allowed attackers to craft a macOS payload that is not checked by Gatekeeper, the macOS security feature that verifies downloaded applications before allowing them to run, and that bypasses File Quarantine and Application Notarization protections as well.
"An attacker manually crafts an application bundle by using a script as the main executable. When this bundle is created they do not create an Info.plist file. The application can then be placed in a dmg for distribution. When the dmg is mounted and the application is double clicked, the combination of a script-based application with no Info.plist file executes without any quarantine, signature or notarization verification," they explained the exploitation process.
Victims who downloaded and ran it would have had no warning from macOS that the application might be malicious.
Apple has fixed CVE-2021-30657 in macOS Big Sur 11.3, along with two other flaws that may allow a malicious application to bypass Gatekeeper checks and a bucketload of other vulnerabilities.
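A defender-side triage check for the bundle shape described in the quote above, as an added example that is not part of the original article or any vendor tool: it walks a directory (for example a mounted dmg) and reports `.app` bundles that have no `Contents/Info.plist` and whose executable in `Contents/MacOS` starts with a `#!` line. The function names and the two sample bundles are constructed for illustration.

```python
import os
import tempfile

def main_executables(app_path):
    """Yield regular files in Contents/MacOS, where a bundle's executable lives."""
    macos_dir = os.path.join(app_path, "Contents", "MacOS")
    if os.path.isdir(macos_dir):
        for name in sorted(os.listdir(macos_dir)):
            path = os.path.join(macos_dir, name)
            if os.path.isfile(path):
                yield path

def is_script(path):
    """True when the file starts with a '#!' interpreter line."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False

def find_suspect_bundles(root):
    """Return .app bundles under root with no Info.plist and a script executable."""
    suspects = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            if not d.endswith(".app"):
                continue
            app = os.path.join(dirpath, d)
            has_plist = os.path.isfile(os.path.join(app, "Contents", "Info.plist"))
            if not has_plist and any(is_script(p) for p in main_executables(app)):
                suspects.append(app)
    return sorted(suspects)

def build_constructed_samples(root):
    """Constructed fixtures: one bundle matching the description, one ordinary one."""
    for name, plist, body in (("NoPlist.app", False, b"#!/bin/sh\necho sample\n"),
                              ("Normal.app", True, b"\xcf\xfa\xed\xfe")):  # Mach-O magic only
        macos = os.path.join(root, name, "Contents", "MacOS")
        os.makedirs(macos)
        with open(os.path.join(macos, name[:-4]), "wb") as fh:
            fh.write(body)
        if plist:
            open(os.path.join(root, name, "Contents", "Info.plist"), "wb").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_suspect_bundles(build_constructed_samples(tmp)):
            print("suspect bundle:", hit)
```

A match is a triage signal for a bundle worth inspecting, not proof of malice; the fix itself is the macOS Big Sur 11.3 update.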
iOS 14.5, iPadOS 14.5 and tvOS 14.5, released on Monday, will start enforcing App Tracking Transparency, a hotly debated feature that will force apps to ask for users' permission if they want to track their activity across other apps and websites via Apple ID for Advertisers and use their data for things like ad targeting.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZqkriKGn14A/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-08 | CVE-2021-30657 | Unspecified vulnerability in Apple Mac OS X and macOS. A logic issue was addressed with improved state management. | 5.5 |