Apple patches macOS zero-day exploited by malware for months (CVE-2021-30657)

Apple has patched a critical macOS zero-day (CVE-2021-30657) that has been exploited by Shlayer malware for months and has finally introduced/enabled the App Tracking Transparency feature and policy in iOS, iPadOS and tvOS. A zero-day exploited by malware peddlers (CVE-2021-30657) Discovered by security researcher Cedric Owens and privately reported to Apple in March 2021, CVE-2021-30657 is a logic issue that allowed attackers to craft a macOS payload that is not checked by Gatekeeper, the macOS’s security feature that verifies downloaded applications before allowing them to run, and bypasses File Quarantine and Application Notarization protections as well.

Read full article on Help Net Security

 


Date:

Categorie(s):