Apple pushed out the highly anticipated iOS 14.5 update for iOS devices this week. Tap or click here to download iOS 14.5 and unlock a powerful new privacy feature. While all the focus was on the iOS update, a security flaw for Mac systems flew under the radar.
Apple’s macOS also received an update, bringing the latest version to 11.3, and it includes a hefty amount of security fixes. The most troublesome of the flaws include a bug that can bypass your Mac’s security features.
Security engineer Cedric Owens discovered the bug last month and reported it to Apple. All indications point towards the exploit already used by cybercriminals in zero-day attacks. That alone makes it imperative that you update.
Here’s the backstory
The bug received the designation of CVE-2021-30657 by Apple and explained that “a malicious application may bypass Gatekeeper checks.”
Owens called his bug the ‘macOS Gatekeeper Bypass (2021 Edition)’ and detailed what the exploit is capable of in a blog post. He also praised Apple for fixing the problem quickly, as he reported his find to Apple only last month.
The exploit allows a hacker to access your Mac by creating a malicious file that Mac’s Gatekeeper won’t check. The Gatekeeper is a security feature on macOS that makes sure downloaded applications are verified and clean before running.
“Patrick Wardle dug deeper into this bug and found that the bug was a logic bug in the policy subsystem (in syspolicyd) that essentially allowed ‘fake apps’ crafted in the manner identified in this post to get executed and bypass Gatekeeper,” Owens explained in his blog post.
What the Mac exploit can do
The malicious payload can be sent to victims through phishing attempts, and all the victim must do to trigger the code is double click to open the file or the fake app. Owens explained that Mac wouldn’t display any pop-ups or warning about a potential security breach.
What that means is a hacker could create malware that your Mac won’t detect. This naturally puts your machine and all your data at risk.
“So even worst-case scenario where the user has not granted Terminal full disk access or access to any folders, this payload would still be capable of accessing sensitive files in the user’s home directory,” Owens concluded.
The macOS Big Sur 11.3 update contains a host of other bug fixes and security patches. Here is how to download the latest update:
- On your Mac, click on the Apple menu and go to System Preferences.
- From there, click on Software Update.
- The latest update version should be available. Click on Update Now.