Apple has reportedly patched a security flaw in its macOS operating system that a threat actor could exploit to bypass fundamental macOS security protections and run arbitrary code.
On Thursday, security researcher Patrick Wardle revealed the discovery in a series of tweets. The vulnerability is identified as CVE-2021-30853 (CVSS score: 5.5). It concerns a scenario in which a malicious macOS app might bypass Gatekeeper checks, which ensure that only trusted apps are run and that they have passed an automatic procedure known as “app notarization.”
Threat actors can take advantage of this flaw by tricking their victims into downloading a rogue app disguised as Adobe Flash Player updates or trojanized versions of legitimate apps like Microsoft Office. Such an app can be delivered using a technique known as search poisoning, in which attackers artificially boost the search engine ranking of websites hosting their malware in order to attract potential victims.
However, the iPhone maker claimed it patched the problem with better checks as part of the macOS 11.6 updates, which were formally released on September 20, 2021, and it credited Gordon Long of Box with reporting the flaw.
“Such bugs are typically particularly impactful to regular macOS users because they allow adware and malware producers to evade macOS security mechanisms,…mechanisms that would otherwise impede infection efforts,” Wardle wrote in a technical write-up of the flaw.