On 26 April 2021, Apple released security updates for macOS Big Sur, Catalina, and Mojave. The Big Sur update fixes 60 security vulnerabilities, including one with reports of active exploitation prior to being patched. We recommend updating the affected devices as soon as possible.
- A logic flaw in macOS’ policy subsystems, tracked as CVE-2021-30657, causes misclassification of quarantined items, such as malicious applications. As a result, these apps, even if unsigned (and unnotarized), could be allowed to run with no warnings from macOS.
- The flaw allows a bypass of macOS’ core security mechanisms – file quarantine, Gatekeeper, and notarization requirements.
- The researchers who discovered the vulnerability suggest that it was likely introduced in macOS 10.15.
- One known malware, Shlayer, has been employing this flaw since January 2021 by distributing an exploit via compromised websites or poisoned search engine results.
Why it’s important
- We recommend updating your devices as soon as possible as actively-exploited flaws present high risk to unpatched devices.
- If you don’t have automatic updates enabled, go to the Settings-> General->Software Update.
- The flaw requires user interaction to exploit it, and this is a good reminder for users not to click on any links from unknown sources.