Apple macOS exploited through a security flaw.

Hackers Exploit 0-Day Gatekeeper Flaw to Attack macOS Computers

Apple released an update to its macOS operating system to address an actively exploited zero-day vulnerability that undermines its built-in security protections.

The flaw allows unapproved software to run on affected Macs.

Identified as CVE-2021-30657, the macOS flaw was found and reported to Apple by security engineer Cedric Owens on March 25, 2021.

“An unsigned, unnotarized, script-based proof of concept application […] could trivially and reliably sidestep all of macOS’s relevant security mechanisms.”

Apple’s security measures:

In macOS, Apple includes a feature called Gatekeeper, which allows only trusted apps to run: it verifies that the software was signed by the App Store or by a registered developer and that it has cleared a process called “app notarization”, which scans the software for malicious content.


The flaw found by Owens may allow attackers to craft rogue applications that deceive Apple’s Gatekeeper checks and get executed without triggering any security alarm.

The trickery involves packaging malicious shell scripts inside an application bundle that a user can double-click, just like a regular application, to run the attack.
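The article’s point is that the thing a user double-clicks looks like an ordinary app but is really a shell script inside a bundle. The following added example (not code from the article, from Apple or from Jamf) shows a defender-side triage check in that spirit: given an `.app` directory, it reads `Contents/Info.plist` for the declared `CFBundleExecutable`, looks at the first bytes of that file, and flags bundles whose launchable item is a `#!` script rather than a Mach-O binary. The two sample bundles it builds are constructed in a temporary directory purely for demonstration; the Mach-O one contains only a magic number, not a real binary. This is a heuristic to narrow down what to look at, not a substitute for Gatekeeper, `spctl` or keeping macOS updated.

```python
"""Triage an .app bundle: is its main executable a Mach-O binary or a script?
Added example; not code from the article, Apple or Jamf."""
import plistlib
import tempfile
from pathlib import Path

# Mach-O and fat/universal magic numbers, in both byte orders.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM (32-bit)
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # FAT_MAGIC / FAT_CIGAM
}


def classify_executable(path: Path) -> str:
    """Return 'mach-o', 'script' or 'unknown' based on the file's first bytes."""
    with path.open("rb") as f:
        head = f.read(4)
    if head in MACHO_MAGICS:
        return "mach-o"
    if head.startswith(b"#!"):
        return "script"
    return "unknown"


def triage_bundle(app: Path) -> dict:
    """Inspect one .app bundle and return a small report.

    Heuristic only: a well-formed bundle carries Contents/Info.plist naming
    its executable (CFBundleExecutable), and that executable is normally a
    Mach-O binary. A bundle whose launchable item is a shell script matches
    the shape the article describes and deserves a closer look.
    """
    contents = app / "Contents"
    reasons = []

    info_plist = contents / "Info.plist"
    declared = None
    if info_plist.is_file():
        with info_plist.open("rb") as f:
            declared = plistlib.load(f).get("CFBundleExecutable")
    else:
        reasons.append("no Contents/Info.plist")

    macos_dir = contents / "MacOS"
    files = sorted(p for p in macos_dir.iterdir() if p.is_file()) if macos_dir.is_dir() else []
    if declared and (macos_dir / declared).is_file():
        main_exec = macos_dir / declared
    elif len(files) == 1:
        main_exec = files[0]  # fall back to the only launchable file
    else:
        main_exec = None
        reasons.append("cannot determine main executable")

    exec_type = classify_executable(main_exec) if main_exec else None
    if exec_type == "script":
        reasons.append(f"main executable {main_exec.name} is a shell script")

    return {
        "bundle": app.name,
        "has_info_plist": info_plist.is_file(),
        "main_executable": main_exec.name if main_exec else None,
        "executable_type": exec_type,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


def build_sample_bundle(root: Path, name: str, scripted: bool) -> Path:
    """Construct a minimal, harmless sample bundle for demonstration only."""
    app = root / f"{name}.app"
    macos_dir = app / "Contents" / "MacOS"
    macos_dir.mkdir(parents=True)
    exe = macos_dir / name
    if scripted:
        # Constructed stand-in: a script that only prints a line.
        exe.write_bytes(b"#!/bin/sh\necho 'hello'\n")
    else:
        # Constructed stand-in: 64-bit Mach-O magic plus padding; not a real
        # binary, only enough to satisfy the magic-number check.
        exe.write_bytes(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    with (app / "Contents" / "Info.plist").open("wb") as f:
        plistlib.dump({"CFBundleExecutable": name}, f)
    return app


def run_demo() -> dict:
    """Build one benign-looking and one script-based sample bundle and triage both."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        good = triage_bundle(build_sample_bundle(root, "Good", scripted=False))
        bad = triage_bundle(build_sample_bundle(root, "Updater", scripted=True))
    return {"good": good, "bad": bad}


if __name__ == "__main__":
    for name, report in run_demo().items():
        print(name, report)
```

Run it against a directory of downloaded `.app` bundles and review anything reported as `suspicious`; on a real Mac you would then confirm with `spctl --assess` and `codesign -dv` whether the bundle is signed and notarized.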

The threat:

Jamf reports that the operators of the Shlayer malware have been abusing this Gatekeeper bypass. Shlayer spreads through a technique called search engine poisoning, which, according to Kaspersky statistics for 2019, led to one in ten macOS systems encountering the adware at least once.

The attack manipulates search engine results to surface links that, when clicked, lead to a portal asking users to download software updates. These downloads look innocent but are actually bash scripts designed to fetch next-stage payloads, including Bundlore adware.

A more troubling concern is that the same infection scheme could be used to deliver more complex threats such as surveillanceware and ransomware.

Apple users are advised to update to the latest macOS version to mitigate the risk associated with the flaw.
