Wednesday, 09 July 2025

Apple fixed macOS zero-day bug

Apple has fixed a zero-day vulnerability in macOS exploited by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.

The Jamf Protect detection team discovered that, starting in January 2021, the Shlayer threat actors had created unsigned and unnotarized Shlayer samples that began exploiting a zero-day vulnerability (tracked as CVE-2021-30657).

As noted by security researcher Patrick Wardle, this vulnerability is the result of a logic flaw in the Gatekeeper function that verifies whether an application is allowed to launch on macOS systems. Apple has released a security update that fixes the vulnerability in macOS Big Sur 11.3.

The company also fixed another zero-day bug, this one in WebKit and tracked as CVE-2021-30661, which impacts iOS, iPadOS and watchOS devices and allows arbitrary code execution. The vulnerability was fixed in iOS 14.5, iPadOS 14.5 and watchOS 7.4.

Source: bleepingcomputer.com

27 April 2021
