Apple has released MacOS 11.3 which patches a critical zero-day bug that allows malware to bypass the built in Gatekeeper and Notarization protections designed to protect users from malicious software.
The bug is already under active attack from Shlayer malware and because it is trivial to replicate, you can expect to see a slew of copycat malware attempting to infect Mac systems before MacOS 11.3 is installed to fix the problem.
First reported by security researcher Cedric Owens, the vulnerability (CVE-2021–30657) results from a logic flaw in the way the Apple OS checks a downloaded file to determine whether it contains executable code and requires to be checked for Notarization. Notarization is Apple’s system for checking applications signed with valid developer ID’s to confirm they are not malicious.
Simply by creating a malformed application package that is missing some optional elements, a logic flaw in the operating system can be exploited which bypasses the security checks allowing the malware application to execute. A detailed blog post from Mac security researcher Patrick Wardle explains how the exploit works.
Apple has fixed the vulnerability in MacOS Big Sur 11.3 and MacOS Catalina update 2021-002 which are available for download now.