Apr 27, 2021
Security is only as strong as the weakest link. As further proof of this, Apple released an update to macOS operating systems to address an actively exploited zero-day vulnerability that could circumvent all security protections, thus permitting unapproved software to run on Macs. The macOS flaw, identified as CVE-2021-30657 , was discovered and reported to Apple by security engineer Cedric Owens on March 25, 2021. "An unsigned, unnotarized, script-based proof of concept application [...] could trivially and reliably sidestep all of macOS's relevant security mechanisms (File Quarantine, Gatekeeper, and Notarization Requirements), even on a fully patched M1 macOS system," security researcher Patrick Wardle explained in a write-up. "Armed with such a capability macOS malware authors could (and are) returning to their proven methods of targeting and infecting macOS users." Apple's macOS comes with a feature called Gatekeeper , which allows only truste