A simple POC for CVE-2021-30657 affecting macOS
A vulnerability in syspolicyd allows a specially crafted application bundle downloaded from the internet to bypass foundational macOS security features such as File Quarantine, Gatekeeper, and Notarization.
Armed with this capability, attackers could compromise macOS systems with a single user (double-)click.
Put the shell script you want to run in payload.sh.
Execute setup.sh.
This generates bait.dmg, which contains the malicious app bundle.
Share it with the victim over the internet.
When the victim mounts the dmg and double-clicks the app icon, the payload script executes without any of Gatekeeper's checks.
Affected versions:
- macOS Big Sur < 11.3
- macOS Catalina with Security Update < 2021-002
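To check whether a host still falls in the affected range listed above, here is an added POSIX sh helper (not part of this POC): it compares a macOS ProductVersion against the fixed versions named in this README. Whether Catalina's Security Update 2021-002 is installed cannot be read from the version string alone, so it is passed in as a yes/no flag by the caller (an assumption of this example).

```shell
#!/bin/sh
# Added example, not part of the original POC: classify a macOS product version
# against the CVE-2021-30657 fix levels stated in the README.
#   Big Sur:  fixed in 11.3
#   Catalina: fixed by Security Update 2021-002 (reported via HAS_2021_002)

# version_lt A B -> exit 0 if dotted version A sorts numerically before B
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; bh="${b%%.*}"            # leading numeric field
        [ "$ah" = "$a" ] && a="" || a="${a#*.}" # drop that field
        [ "$bh" = "$b" ] && b="" || b="${b#*.}"
        ah="${ah:-0}"; bh="${bh:-0}"            # missing fields count as 0
        [ "$ah" -lt "$bh" ] && return 0
        [ "$ah" -gt "$bh" ] && return 1
    done
    return 1                                    # equal
}

# cve_2021_30657_status VERSION HAS_2021_002
#   VERSION       ProductVersion string, e.g. 11.2.3 or 10.15.7
#   HAS_2021_002  "yes" if Security Update 2021-002 is installed (Catalina only)
# Prints one of: vulnerable | patched | unknown
cve_2021_30657_status() {
    v="$1"; su="${2:-no}"
    case "$v" in
        11.*)
            if version_lt "$v" 11.3; then echo vulnerable; else echo patched; fi ;;
        10.15.*)
            if [ "$su" = yes ]; then echo patched; else echo vulnerable; fi ;;
        1[2-9].*|[2-9][0-9].*)
            echo patched ;;     # releases after Big Sur shipped with the fix
        *)
            echo unknown ;;     # older releases are outside the advisory's scope
    esac
}

# On a live Mac: cve_2021_30657_status "$(sw_vers -productVersion)" no
```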