![]() However, users tended to overlook this warning and always gave their permission which oftentimes resulted in malware getting inside the system. The File Quarantine feature was first introduced with the release of OSX (10.5 version) and its function is to show a pop-up that asked the user for explicit permission before a newly-downloaded file could be executed. However, the CVE-2021-30657 flaw seems to be able to bypass all three of the main protective features of the system – something that has been very rarely observed throughout the years. In general, Apple is a company that heavily focuses on the security of its products and the security features of macOS are known as highly effective and capable of stopping nearly all incoming threats without the need for third-party antivirus software. Once this is done, the infection would be complete and there would be no warning from macOS’s protection features to notify the user that something might be wrong.Īccording to Wardle’s detailed report on the problem, the discovered bug could be used to bypass the Notarization, the Gatekeeper, and the File Quarantine macOS security features, which are the main protective barriers between incoming threats and the targeted system. ![]() dmg file and then start the fake application that’s in it. One possible way to use this flaw is for phishing – all the user has to do is open an infected. The reason why this particular vulnerability is so problematic is that it can allow a potential attacker to craft a malicious payload that the security features of macOS wouldn’t be able to detect.Īccording to Patrick Wardle, a security specialist at Apple, the flaw can be exploited to bypass even the strongest protection features of the macOS system.Īfter Owens asked Wardle to further investigate the bug, it was discovered that the flaw can be used to successfully infiltrate macOS Catalina (specifically version 10.15.7) and macOS Big Sur )prior to the 11.3 Big Sur update). The flaw was patched out by Apple with the macOS 11.3 update which was released on Monday. The discovered bug is tracked as CVE-2021-3065. ![]() The first one to discover this vuln is Cedric Owens, a security researcher. The patched-out flaw has been getting exploited for the past couple of months by a version of the infamous Shlayer adware dropper. A serious vulnerability in the MacOS that could allow hackers to enter the system by bypassing its security and anti-malware features was recently patched out by Apple.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |