PT-2021-4941 · Apple · Apple Macos
Cedowens
+1
·
Published
2021-04-26
·
Updated
2025-10-23
·
CVE-2021-30657
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
macOS versions prior to 11.3
macOS versions prior to Security Update 2021-002 Catalina
Description
The issue is caused by a logic error in the implementation of system configuration settings, allowing a remote attacker to bypass security restrictions. A malicious application may bypass Gatekeeper checks. It is reported that this issue may have been actively exploited. The issue is related to a 0-day exploit used by the Shlayer malware.
Recommendations
For macOS versions prior to 11.3, update to macOS Big Sur 11.3 or later to resolve the issue.
For macOS versions prior to Security Update 2021-002 Catalina, apply Security Update 2021-002 Catalina to resolve the issue.
As a temporary workaround, consider restricting the use of Gatekeeper checks until a patch is available.
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apple Macos