Apple has fixed a serious security flaw in macOS Big Sur 11.3 that previously allowed malicious apps to bypass most of the security protections on Macs. The Shlayer malware was found to have been actively exploiting this bug, which let apps run without permission prompts even when they were not notarized by Apple.
Security flaw fixed in macOS Big Sur 11.3 had been actively exploited for months by malware
It has been a challenging few months for Apple when it comes to the security of iOS and macOS. Many zero-days that have been actively exploited by attackers are being reported and fixed by Apple. Although Apple has built a lot of gatekeeping into its operating systems to ensure that malicious apps cannot roam free, this specific flaw allowed malware to bypass all of those checks and run silently in the background.
As reported by TechCrunch, the Shlayer malware posed as harmless documents that bypassed all macOS defenses when the documents were opened. There were absolutely no prompts or notifications to the end user. Security researcher Cedric Owens built a proof-of-concept app that appeared to be a document file but launched the macOS Calculator app when opened. Owens reported the issue to Apple, after which the company included a fix in macOS Big Sur 11.3 and also released updates for older macOS versions. The company additionally updated the XProtect rules in macOS to detect and block the malware from running.
The issue originated from a miscategorization of app bundles during security checks, which allowed apps to run as if they were trusted. This is why users were not shown a Gatekeeper alert, which exists to ensure that untrusted apps are blocked from running on macOS.
Jamf, an Apple device management provider, said that the issue had been actively exploited, based on a sample of Shlayer malware discovered in January. Shlayer injects ads into browsers, even when users are visiting security websites, to make money off them.
At the time of writing, Apple has not listed the security updates in macOS Big Sur 11.3 on its support website. We will update this post with more details once Apple publishes them.
As a rule of thumb, do not download and run files from untrusted sources. Make sure to update to macOS Big Sur 11.3 as soon as possible to ensure that you are protected from such malware.
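The two pieces of advice above (update to 11.3 and do not run untrusted downloads) can be checked mechanically. The script below is an added example, not code from the article or from Apple: it compares the installed macOS version against the 11.3 fix level and, on a Mac, runs Apple's own Gatekeeper assessment (spctl) and signature verification (codesign) against an app bundle before anyone double-clicks it. The version comparison is plain POSIX sh and runs anywhere; the bundle assessment assumes the macOS tools are present and the path passed in is a bundle you downloaded.

```shell
#!/bin/sh
# Added example (not from the article). Defender-side checks for the
# Big Sur 11.3 Gatekeeper fix: is this Mac patched, and does a downloaded
# bundle pass Gatekeeper's own assessment?

FIXED_VERSION="11.3"   # macOS release that shipped the fix, per the article

# version_ge A B: succeed (exit 0) if dotted version A >= dotted version B.
# Compares component by component so that 11.10 > 11.3 and 10.15.7 < 11.3.
version_ge() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    [ -z "$ai" ] && ai=0          # missing components count as 0
    [ -z "$bi" ] && bi=0
    if [ "$ai" -gt "$bi" ]; then return 0; fi
    if [ "$ai" -lt "$bi" ]; then return 1; fi
    case "$a" in *.*) a="${a#*.}";; *) a="";; esac
    case "$b" in *.*) b="${b#*.}";; *) b="";; esac
  done
  return 0                        # all components equal
}

# is_patched [VERSION]: succeed if VERSION (default: the running macOS,
# read via sw_vers) is at least FIXED_VERSION. Fails on non-Mac hosts.
is_patched() {
  v="$1"
  if [ -z "$v" ]; then
    command -v sw_vers >/dev/null 2>&1 || return 1
    v="$(sw_vers -productVersion)"
  fi
  version_ge "$v" "$FIXED_VERSION"
}

# assess_bundle PATH: run Gatekeeper's execute-policy assessment and a strict
# deep signature check on an app bundle. Both tools are macOS-only; either
# failing means the bundle should not be opened. Assumes PATH is a .app bundle.
assess_bundle() {
  bundle="$1"
  [ -d "$bundle" ] || { echo "not a bundle directory: $bundle" >&2; return 1; }
  command -v spctl >/dev/null 2>&1 || { echo "spctl not available" >&2; return 1; }
  spctl --assess --type execute --verbose=4 "$bundle" || return 1
  codesign --verify --deep --strict --verbose=2 "$bundle" || return 1
  echo "bundle passes Gatekeeper assessment and signature verification: $bundle"
}

# Usage (uncomment on a Mac):
#   is_patched && echo "patched" || echo "UPDATE to macOS ${FIXED_VERSION} or later"
#   assess_bundle "$HOME/Downloads/SomeApp.app"
```

On a patched Mac, is_patched succeeds for 11.3 and every later release, including 11.10-style two-digit minors that a naive string comparison would get wrong. assess_bundle deliberately requires both checks to pass; a bundle that spctl rejects, or whose signature does not verify, is exactly the kind of download the article warns against opening.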
Update: Apple has posted details of the security fixes in macOS Big Sur 11.3; more than 50 fixes are included.