Skip to main content

Apple fixes macOS security flaw behind Gatekeeper bypass

posted onDecember 23, 2021
by l33tdawg
Bleeping Computer
Credit: Bleeping Computer

Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems.

If they circumvent automated notarization security checks (which scans for malicious components and code-signing issues), the applications are allowed to launch by Gatekeeper, a macOS security feature designed to verify if downloaded apps are notarized and developer-signed.

Once malicious script-based apps targeting the bypass flaw (CVE-2021-30853) are launched on a target's system, they can be used by attackers to download and deploy second-stage malicious payloads.

Source

Tags

Security Apple

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th