#VU52653 Security features bypass in macOS - CVE-2021-30657

Cybersecurity Help s.r.o.

Published: 2021-04-27 | Updated: 2021-11-08

Vulnerability identifier: #VU52653

Vulnerability risk: Critical

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2021-30657

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
macOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic issue within the Gatekeeper checks. A remote attacker can craft a specially crafted payload that is not checked by Gatekeeper and bypasses File Quarantine and Application Notarization protections as well. As a result, a malicious binary can be executed on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

External links
https://support.apple.com/en-us/HT212325
https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Multiple vulnerabilities in macOS