Apple patches severe macOS security flaw

Apple patches severe macOS security flaw

Mac users are being urged to update to macOS Big Sur 11.3 as at least one threat group is exploiting the zero-day bug to sneak past the operating system’s built-in security mechanisms



Apple has rolled out an update for its macOS Big Sur operating system to address a bevy of security flaws, including a vulnerability that could allow malware to circumvent the operating system’s built-in protection mechanisms.


The vulnerability, tracked as CVE-2021-30657, could allow a malicious actor to craft a payload that could bypass Gatekeeper – the security feature in macOS that enforces code signing and verifies downloaded applications in order to help keep malware off Mac devices.


“This payload can be used in phishing and all the victim has to do is double click to open the .dmg and double-click the fake app inside of the .dmg — no pop ups or warnings from macOS are generated,” said security researcher Cedric Owens, who discovered the security loophole before reporting it to Apple on March 25th. The tech titan plugged the vulnerability within five days with Big Sur 11.3 Beta 6.


Prior to the release of the update, Owens asked Mac security researcher Patrick Wardle of Objective-See to look under the hood of this macOS nasty. Wardle found that it stems from a logic flaw in macOS’s policy subsystem, a flaw that he said “would all ..

Support the originator by clicking the read the rest link below.