IOTW: MacOS Security Patches Issued Again

2021 has been a tough year for Apple where zero-day exploits are concerned. The latest malware, XCSSET, can plant a small app inside the bundle of another application such as Zoom and inherit that application's permissions, letting it record the screen and microphone, take screenshots and read the whole disk without prompting the user. Since the beginning of the year Apple has had to ship a series of security patches, first in macOS 11.3 and most recently in macOS 11.4, both "Big Sur" releases.

The Facts

Since at least January 9, 2021, the Shlayer adware family has been exploiting a logic flaw in macOS to bypass Gatekeeper, Notarization and File Quarantine, the three controls meant to stop unsigned or unreviewed software downloaded from the internet from running without a warning. The malware spreads through compromised websites and poisoned search-engine results. A user who clicks one of those links is shown what looks like a legitimate, branded software update; approving it installs the malware.

macOS 11.3, released on April 26, fixed the flaw: Gatekeeper now evaluates such bundles like any other app and blocks them with the familiar dialog saying the application cannot be opened because the developer cannot be verified. Separately, a heap-based buffer overflow in sudo (CVE-2021-3156, "Baron Samedit") lets any local user obtain root. That fix might have shipped sooner had the scope of affected systems not been misjudged: the bug was initially treated as a Linux and UNIX problem, and only later was it shown that derivative systems, macOS included, were affected too. Apple patched sudo in macOS 11.2.1.

The latest exploit required macOS 11.4, released on May 24, which closes the privacy (TCC) bypass that the XCSSET malware had been using in the wild. XCSSET places a small AppleScript-based app inside the bundle of an application that already holds screen-recording permission, Zoom being one example, and a bug in TCC let the planted app inherit the host application's permissions. Everything happens silently, with no consent prompt; from then on an operator or automated tooling can record video and audio, take pictures with the camera and, by the same trick, obtain full disk access.

The CVE often quoted alongside this story, CVE-2021-30480 in the NIST NVD, is not the macOS bug at all. It is a vulnerability in the Zoom desktop client itself, the one whose description says the attacker must be a user within the same organization or an external user who has already been accepted as a contact, and it is fixed by updating Zoom, not macOS. The TCC bypass that macOS 11.4 patched, and that XCSSET exploited, is tracked as CVE-2021-30713.

Lessons Learned

Apple operating systems are not inherently secure; nothing is. For years Macs were considered safer than Windows PCs, largely because attackers concentrated on the platform with the far larger installed base. In today's world of iEverything, Apple devices are a worthwhile target in their own right, and their users are at risk.

Quick Tips

  1. Install OS patches immediately. Both exploits covered here were in use before a patch existed, so applying the update is the only step that actually closes the hole.
  2. Use the present situation as a teaching moment to remind end users not to install applications from outside the Apple App Store, since those have not been vetted. The XCSSET permission bypass needs no approval from the user once the malware is running, but the earlier Shlayer campaign still depended on the user explicitly agreeing to install a fake software "update."
  3. Remind users to be careful about whom they accept as contacts in collaboration tools such as Zoom.
  4. Work with IT to control which applications users can install, for example through an internal catalog of approved apps. Done well, users still have a "choice" of apps while IT and security keep centralized control.
  5. Monitor devices for anomalous application and user behavior, such as an app bundle appearing inside another application's bundle or an unexpected process capturing the screen.
  6. Keep antivirus or endpoint-protection software and its signatures up to date; Shlayer and XCSSET are both well-known families.
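The following script is an added example, not code from the article, Apple or any vendor, showing how tips 1 and 5 can be turned into a local check. It compares the running macOS version against the patched release and scans a folder such as ~/Downloads for app bundles shaped like the Shlayer Gatekeeper bypass: a script (shebang file) as the main executable with no Contents/Info.plist. That bundle shape comes from public write-ups of the 11.3 fix and is an assumption of this example, not something the article states; the three sample bundles it builds are constructed for the demo and contain no real malware.

```python
import os
import re
import subprocess
import tempfile

# Minimum Big Sur release carrying both fixes discussed above (11.3 Gatekeeper, 11.4 TCC).
MIN_PATCHED_VERSION = (11, 4, 0)


def parse_version(text):
    """'11.3.1' -> (11, 3, 1). Missing components pad with zeros so that
    '11.4' compares correctly against '11.3.1' (tuple order, not string order)."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_patched(product_version, minimum=MIN_PATCHED_VERSION):
    return parse_version(product_version) >= minimum


def current_macos_version():
    """Ask sw_vers for the product version; returns None when not on macOS."""
    try:
        out = subprocess.run(["sw_vers", "-productVersion"],
                             capture_output=True, text=True, check=True)
        return out.stdout.strip()
    except (OSError, subprocess.CalledProcessError):
        return None


def inspect_bundle(bundle_path):
    """Return (verdict, findings) for one .app directory.

    SUSPICIOUS: script executable and no Info.plist, the shape assumed here
                for the pre-11.3 Shlayer Gatekeeper bypass.
    REVIEW:     only one of the two traits (legitimate script-based apps exist).
    OK:         neither trait, or not a conventional bundle layout.
    """
    contents = os.path.join(bundle_path, "Contents")
    macos_dir = os.path.join(contents, "MacOS")
    if not os.path.isdir(macos_dir):
        return "OK", ["no Contents/MacOS directory; not a standard bundle"]
    findings = []
    if not os.path.isfile(os.path.join(contents, "Info.plist")):
        findings.append("missing Contents/Info.plist")
    for name in sorted(os.listdir(macos_dir)):
        exe = os.path.join(macos_dir, name)
        if not os.path.isfile(exe):
            continue
        with open(exe, "rb") as fh:
            magic = fh.read(2)
        if magic == b"#!":  # shebang: an interpreter script, not a Mach-O binary
            findings.append("script executable: " + name)
    no_plist = any(f.startswith("missing") for f in findings)
    script = any(f.startswith("script") for f in findings)
    if no_plist and script:
        return "SUSPICIOUS", findings
    if no_plist or script:
        return "REVIEW", findings
    return "OK", findings


def scan_directory(root):
    """Inspect every .app bundle under root; returns {relative path: verdict}."""
    results = {}
    for dirpath, dirnames, _ in os.walk(root):
        for name in list(dirnames):
            if name.endswith(".app"):
                path = os.path.join(dirpath, name)
                results[os.path.relpath(path, root)] = inspect_bundle(path)[0]
                dirnames.remove(name)  # do not descend into the bundle itself
    return results


def _make_bundle(root, name, with_plist, executable_bytes):
    """Build a minimal constructed bundle for the demo (no real payload)."""
    macos_dir = os.path.join(root, name, "Contents", "MacOS")
    os.makedirs(macos_dir)
    if with_plist:
        with open(os.path.join(root, name, "Contents", "Info.plist"), "w") as fh:
            fh.write('<plist version="1.0"><dict/></plist>\n')
    exe = os.path.join(macos_dir, name[:-len(".app")])
    with open(exe, "wb") as fh:
        fh.write(executable_bytes)
    os.chmod(exe, 0o755)


def demo():
    """Three constructed bundles: a normal Mach-O app (MH_MAGIC_64 header),
    a script app with a proper Info.plist, and one with the Shlayer shape."""
    with tempfile.TemporaryDirectory() as root:
        _make_bundle(root, "Ordinary.app", True, b"\xcf\xfa\xed\xfe" + b"\0" * 28)
        _make_bundle(root, "ScriptApp.app", True, b"#!/bin/sh\necho hello\n")
        _make_bundle(root, "FakeUpdate.app", False, b"#!/bin/bash\necho installing\n")
        return scan_directory(root)


if __name__ == "__main__":
    version = current_macos_version()
    if version is not None:
        print("macOS", version, "patched" if is_patched(version) else "NEEDS UPDATE")
    for bundle, verdict in demo().items():
        print(f"{verdict:10} {bundle}")
```

Run it on a Mac as `python3 check.py`, or call `scan_directory(os.path.expanduser("~/Downloads"))` to examine real downloads. A REVIEW verdict is not proof of anything, since some legitimate apps are script-based; SUSPICIOUS bundles should be quarantined and examined rather than opened, and on a patched system Gatekeeper will block them anyway.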
