Maria Dantini, 85, of New Canaan, Ct. passed away on April 1st, 2023 during recovery from emergency surgery a month prior. Maria was born on April 13, 1937, to Maria and Luigi Casatelli, in Ausonia, Italy. She went to the Sanctuary of the Madonna del Piano with the nuns from primary to the end […]
minute read
Share this article:
A variant of Mac No. 1 threat Shlayer since January already has been exploiting the vulnerability, which allows payloads to go unchecked through key OS security features.
Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months.
Security researcher Cedric Owens first discovered the vulnerability, tracked as CVE-2021–30657 and patched in macOS 11.3, an update dropped by Apple on Monday. The vulnerability is particularly perilous to macOS users because it allows an attacker to very easily craft a macOS payload that goes unchecked by the strict security features built into the OS specifically to keep malware out.
A software bug let malware bypass macOS security defenses yahoo.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from yahoo.com Daily Mail and Mail on Sunday newspapers.
A software bug let malware bypass macOS’ security defenses
Old malware, new tricks
Apple has spent years reinforcing macOS with new security features to make it tougher for malware to break in. But a newly discovered vulnerability broke through most of macOS’ newer security protections with a double-click of a malicious app, a feat not meant to be allowed under Apple’s watch.
Worse, evidence shows a notorious family of Mac malware had been exploiting this vulnerability for months before it was subsequently patched by Apple this week.
Over the years, Macs have adapted to catch the most common types of malware by putting technical obstacles in their way. Indeed, macOS flags potentially malicious apps masquerading as documents that have been downloaded from the internet. And if macOS hasn’t reviewed the app a process Apple calls notarization or if it doesn’t recognize its developer, the app won’t be allowed to run without user intervention.