Apple macOS users have been urged to update their Macs to ensure protection against a zero-day vulnerability that has been exploited by attackers since at least January.

The flaw allows hackers to bypass a set of macOS security protocols and deploy malware on affected machines. It may be one of the worst vulnerabilities to hit Apple computers in years.

Security researcher Cedric Owens identified the security bug in March, noting that it affects "all recent versions of macOS," including macOS versions 10.15 Catalina through 11.2 Big Sur, released in October 2019 .

Normally, macOS security mechanisms such as Gatekeeper and File Quarantine block malicious files and unsigned software from being installed on a Mac. However, Owens discovered that this zero-day flaw allows these failures to be circumvented, creating a malicious file that can be clicked on and executed without the macOS security warning.

Owens attributed this to a logic error in the macOS code that caused the system to misclassify the malware, creating a workaround for Apple's defenses.

As we have previously mentioned, such "Trojan horse" apps play a key role in letting malware take the keys to the machine.

We have seen crypto-casinos planted in seemingly harmless children's apps in the App Store, not to mention the recent news of a fake Netflix app that spreads malware to Android phones.

In short, apps are attractive to scammers: if they can convince users to download or run an app that is not in the App Store, or if they can be wedged in between other App Store apps to make them look like legitimate apps, they provide an easy entry point to exploit users' machines Apps are attractive to fraudsters because they can provide an easy entry point to exploit a user's machine. This is where built-in security measures come into play, essentially protecting the user from themselves.

This time Owens discovered that Gatekeeper was unable to properly check certain scripts in the app. He used a tool called Appify, which in 2011 provided a legitimate tool that bypassed Gatekeeper's checks and allowed developers to create basic apps with just scripts.

Owens took his knowledge of these past vulnerabilities with him and created a test program that hid malware in seemingly harmless documents.

Owens was able to pass the latest macOS software even with Gatekeeper on its most stringent security settings. No warnings were issued, and the malware provided Owens with remote control of the Mac, bypassing Apple's defenses.

A tweet from Mac security researcher Patrick Wardle shows the attack in an animated GIF. The calculator app pops up, meaning the remote attacker has full control of the machine. (Wardle also wrote a detailed blog post on how this flaw can be exploited.)

Owens immediately informed Apple of the bug. Cupertino released macOS Big Sur 11.3 yesterday (April 26) with a patch that squashes this bug, along with several other fixes.

The new macOS Big Sur 11.3 update is freely downloadable on all eligible Macs using the Software Updates section of System Preferences.

If you are using a macOS machine, we recommend that you update it as soon as possible. This is especially important because of the active exploitation of zero-day flaws.

Zero-day flaws tend to be discovered and patched before they are exploited. In this case, however, the bug is being exploited by hackers.

Security firm Jamf Protect reports that the flaw has been actively exploited since January 9, 2021; Shlayer, a notorious piece of macOS malware, was the preferred attack vector for cyber attackers who took advantage of this zero-day vulnerability. 33] [

Jamf's security team observed that this "exploit is being used in the wild by variants of the Shlayer adware dropper."

The exploit is also being used in the wild by a variant of the Shlayer adware dropper.

Like most attack vectors that deliver adware payloads, this malware was introduced to make money for the crooks through fake clicks and fake ad views.

Despite the results of this survey, it is still unclear how many machines overall were affected.

Our advice, as always, is to not download anything from untrusted sources and always make sure your system is on the latest OS version. But even that is not always enough to deter sophisticated and determined hackers from trying to plunder access to your system.

Details Chrome and Edge Hacked by New Zero-Day Flaw - What to Do