Attacker Value: High (1 user assessed)
Exploitability: High (1 user assessed)
User Interaction: Unknown
Privileges Required: Unknown
Attack Vector: Unknown

CVE-2021-30657 — Malicious applications may bypass Gatekeeper checks

Exploited in the Wild
MITRE ATT&CK tactics:
Execution (Validated)
Privilege Escalation (Validated)

Description

macOS versions prior to 11.3 contain a vulnerability in an unspecified component of System Preferences which, when exploited, results in privilege escalation and the ability to bypass Gatekeeper — the macOS built-in malware detection and prevention service.

Technical Analysis

Rating this vulnerability as high since it bypasses all of the checks that macOS performs on downloaded files. It was reportedly introduced in macOS version 10.15, and the fix is in version 11.3. This vulnerability has also been reported as being exploited in the wild.

An unsigned, unnotarized binary downloaded from the Internet is typically blocked from execution; however, a script-based app with no Info.plist file bypasses those checks. To read about how that exactly happens, see the Objective-See blog post here. This does require user interaction for success, but all it takes is a download and a double click. Additionally, an exploit is quite trivial to make, as all it really needs is a valid app without the Info.plist file bundled with it. As always, install your updates.
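
A defender-side check for the bundle shape described in the assessment above, added here as an example and not taken from this page's author or the linked blog post: it walks a directory and reports `.app` bundles that have no `Contents/Info.plist` and whose `Contents/MacOS` executable is a script. The function names and the default scan root are assumptions, and the quarantine attribute is not inspected.

```python
#!/usr/bin/env python3
"""Flag .app bundles with no Info.plist whose main executable is a script."""
import os
import sys


def bundle_executables(app_path):
    """Regular files directly under Contents/MacOS, where a bundle's executable lives."""
    macos_dir = os.path.join(app_path, "Contents", "MacOS")
    if not os.path.isdir(macos_dir):
        return []
    paths = (os.path.join(macos_dir, name) for name in sorted(os.listdir(macos_dir)))
    return [p for p in paths if os.path.isfile(p)]


def is_script(path):
    """True if the file starts with a shebang, i.e. it is interpreted, not Mach-O."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False


def check_bundle(app_path):
    """Return a finding for a script-based bundle lacking Info.plist, else None."""
    has_plist = os.path.isfile(os.path.join(app_path, "Contents", "Info.plist"))
    scripts = [p for p in bundle_executables(app_path) if is_script(p)]
    if scripts and not has_plist:
        return {"bundle": app_path, "scripts": scripts}
    return None


def scan(root):
    """Walk root and check every *.app directory; bundles are not descended into."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        for name in sorted(dirnames):
            if name.endswith(".app"):
                finding = check_bundle(os.path.join(dirpath, name))
                if finding:
                    findings.append(finding)
        dirnames[:] = [d for d in dirnames if not d.endswith(".app")]
    return findings


if __name__ == "__main__":
    # Scan root is an assumption; quarantine xattrs are not inspected here.
    for f in scan(sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Downloads")):
        print(f["bundle"], "->", ", ".join(f["scripts"]))
```

A hit is a triage lead on hosts still running a version prior to 11.3, not proof of compromise; the fix remains the update.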

General Information

Exploited in the Wild

Reported by:
Reported: April 28, 2021 6:50pm UTC (1 week ago) Edited 6 days ago
Reported: April 30, 2021 1:53pm UTC (5 days ago)
Reported: April 30, 2021 2:25pm UTC (5 days ago)
