Apple released the newest versions of its operating systems on Monday, and macOS 11.3 patches a major security flaw. Install it as soon as possible (via Mashable).
macOS 11.3 Update
In his latest blog post, security research Patrick Wardle explains the security issue that was discovered by Cedric Owens. It lets an attacker bypass Mac security protections like File Quarantine and Notarization, as well as preventing Gatekeeper from displaying a warning. It doesn’t bypass Gatekeeper’s malware detection tool XProtect, though.
Gatekeeper is a macOS feature that scans any app, plug-in, or installer from outside the App Store to make sure it comes from a verified developer. Theses apps must be notarized by Apple to verify that it is free of malware and hasn’t been altered in a malicious way, like a data file that’s actually executable code.
In a proof-of-concept, Mr. Wardle shows how a file downloaded from the internet that looks like an innocent PDF can launch an app like Calculator. Opening apps isn’t the only thing attackers can do with this flaw; they could launch ransomware, steal credit card information, and other personal data.
However, macOS 11.3 released on Monday fixes this flaw.