9 matches found
CVE-2021-30657
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited...
Exploit for Missing Authorization in Apple Mac_Os_X
CVE-2021-30657 A simple POC for CVE-2021-30657 affecting MacOS...
CVE-2021-30657
CVE-2021-30657 is a Gatekeeper bypass in macOS caused by a logic/state-management issue. The vulnerability could allow a malicious, downloaded app to bypass Gatekeeper checks; Apple fixed it in macOS Big Sur 11.3 and Security Update 2021-002 Catalina. The initial advisory notes that Apple is awar...
Metasploit Wrap-Up
Stopped at the gate? A fun new module from timwr, taking advantage of a technique reported by Cedric Owens, is reminding everyone if there is no fence a gate will not deter us. The new module provides a quick wrapper for payloads that bypasses download origination and authorization requirements...
macOS Gatekeeper Check Bypass Exploit
This Metasploit module serves an OSX app as a zip that contains no Info.plist, which bypasses gatekeeper in macOS versions prior to 11.3. If the user visits the site on Safari, the zip file is automatically extracted, and clicking on the downloaded file will automatically launch the payload. If t...
macOS Gatekeeper check bypass
This module exploits two CVEs that bypass Gatekeeper. For CVE-2021-30657, this module serves an OSX app as a zip that contains no Info.plist, which bypasses gatekeeper in macOS use exploit/osx/browser/osxgatekeeperbypass msf exploitosxgatekeeperbypass show targets ...targets... msf...
Apple Patches Zero-Day MacOS Bypass Bug
Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months. Security researcher Cedric Owens first discovered the vulnerability, tracke...
CVE-2021-30657
creationtimestamp| type| source ---|---|--- 2021-04-27 11:27:31+00:00| exploited| https://t.me/truesecator/1651 2021-04-27 15:35:04+00:00| seen| https://t.me/SecLabNews/10112 2021-04-27 17:20:13+00:00| exploited| https://t.me/xakepru/10695 2021-05-07 14:18:11+00:00| seen|...
Hackers Exploit 0-Day Gatekeeper Flaw to Attack macOS Computers
Security is only as strong as the weakest link. As further proof of this, Apple released an update to macOS operating systems to address an actively exploited zero-day vulnerability that could circumvent all security protections, thus permitting unapproved software to run on Macs. The macOS flaw,...