Apple Patches Worst Zero-Day Bug In Recent Memory
May 20, 2021
Compliance
Compliance Twitter
Photo: Apple
There s one industry that has a particular knack for getting its hands on clever software vulnerabilities in macOS: the adware industry.
That ability has been demonstrated once again as Apple today patched a zero-day vulnerability, CVE-2021-30657, that allows an attacker to effortlessly route around three critical anti-malware defenses in macOS: Notarization, Gatekeeper and File Quarantine.
It was first discovered by Cedric Owens, a lead offensive security engineer with Twilio, who reported the bug to Apple. It has been patched in macOS 11.3, which was released on Monday.
minute read
Share this article:
A variant of Mac No. 1 threat Shlayer since January already has been exploiting the vulnerability, which allows payloads to go unchecked through key OS security features.
Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months.
Security researcher Cedric Owens first discovered the vulnerability, tracked as CVE-2021–30657 and patched in macOS 11.3, an update dropped by Apple on Monday. The vulnerability is particularly perilous to macOS users because it allows an attacker to very easily craft a macOS payload that goes unchecked by the strict security features built into the OS specifically to keep malware out.
Signal Founder Says Cellebrite s Forensics Tools Flawed Twitter Get Permission
Signal creator Moxie Marlinspike speaking at The Cryptographer s Panel at RSA Conference 2018 (Photo: Mathew J. Schwartz/ISMG)
Law enforcement agencies use digital forensics tools from the Israeli company Cellebrite to gain access to locked mobile devices and extract data as part of evidence-gathering during the course of an investigation. But in a shot across the bow to the vendor s business model, Moxie Marlinspike (@moxie), creator of the encrypted messaging app Signal, says flaws in Cellebrite s devices call into question whether the data the tools extract can be considered reliable - for example, in court.
Signal Founder Says Cellebrite s Forensics Tools Flawed govinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from govinfosecurity.com Daily Mail and Mail on Sunday newspapers.