by jdlshore 1886 days ago
Fascinating article. Short version: there was a bug in the part of Apple’s Gatekeeper code that checked whether a file was an application bundle. Bundles that only contained a script, and not a plist file, were considered “not a bundle,” and this bypasses the Gatekeeper checks.

The issue is fixed in the latest version of Big Sur. Be sure to upgrade. It’s being exploited in the wild.

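The bundle shape the top comment describes (an executable or script under Contents/MacOS with no Contents/Info.plist) is something a defender can look for when triaging downloads. The following audit script is an added example, not code from the thread, from Apple, or from the linked article; the helper names (audit_app_bundle, audit_tree, build_samples, demo) and the two sample bundles it constructs in a temporary directory are my own. It treats a bundle as suspicious when it carries a payload under Contents/MacOS but no Info.plist, and, as a secondary check, when the plist names a CFBundleExecutable that is not actually present.

```python
"""Audit .app bundles for plist-less script bundles (added example, not the
thread's or Apple's code). Indicator: Contents/MacOS has a payload but
Contents/Info.plist is missing, the shape described in the thread."""
import plistlib
import tempfile
from pathlib import Path


def audit_app_bundle(bundle: Path) -> dict:
    """Inspect one .app directory. Hypothetical helper, not an Apple API."""
    contents = bundle / "Contents"
    info_plist = contents / "Info.plist"
    macos_dir = contents / "MacOS"

    # Anything in Contents/MacOS counts as a payload, script or binary alike.
    payload = []
    if macos_dir.is_dir():
        payload = sorted(p.name for p in macos_dir.iterdir() if p.is_file())

    # Read CFBundleExecutable if a well-formed plist exists.
    declared = None
    has_plist = info_plist.is_file()
    if has_plist:
        try:
            with info_plist.open("rb") as fh:
                declared = plistlib.load(fh).get("CFBundleExecutable")
        except (plistlib.InvalidFileException, ValueError):
            declared = None

    # Primary indicator from the thread: payload present, no Info.plist at all.
    suspicious = bool(payload) and not has_plist
    # Secondary check: plist points at an executable that is not in the bundle.
    if declared is not None and declared not in payload:
        suspicious = True

    return {
        "bundle": bundle.name,
        "has_info_plist": has_plist,
        "declared_executable": declared,
        "payload": payload,
        "suspicious": suspicious,
    }


def audit_tree(root: Path) -> list:
    """Walk a directory tree (e.g. a downloads folder) and audit every *.app."""
    return [audit_app_bundle(p) for p in sorted(root.rglob("*.app")) if p.is_dir()]


def build_samples(root: Path) -> None:
    """Constructed sample data: one well-formed bundle and one plist-less
    script bundle. Both are synthetic and exist only for this demo."""
    good = root / "Good.app" / "Contents"
    (good / "MacOS").mkdir(parents=True)
    exe = good / "MacOS" / "Good"
    exe.write_text("#!/bin/sh\necho good\n")
    exe.chmod(0o755)
    with (good / "Info.plist").open("wb") as fh:
        plistlib.dump(
            {"CFBundleExecutable": "Good", "CFBundleIdentifier": "example.good"}, fh
        )

    bad = root / "Bad.app" / "Contents" / "MacOS"
    bad.mkdir(parents=True)
    script = bad / "Bad"
    script.write_text("#!/bin/sh\necho constructed sample\n")  # no Info.plist
    script.chmod(0o755)


def demo() -> list:
    """Build the samples in a temp dir and return the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_samples(root)
        return audit_tree(root)


if __name__ == "__main__":
    for f in demo():
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{f['bundle']:10s} {flag:10s} plist={f['has_info_plist']} payload={f['payload']}")
```

Point audit_tree at a real directory to scan it; the demo only proves the logic on the two constructed bundles. The missing-plist rule is a heuristic for triage, not a replacement for the vendor fix: an updated OS is what actually closes the gap.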

What about macOS Catalina users? Any updates / fixes for them? Do you happen to know?
It appears this behavior was introduced in Catalina, so I’d assume a complementary fix to 11.3 will be available for 10.x - no word on timing AFAIK.
Security Update bundles were released for Catalina and Mojave as well.

The list of security fixes for the Big Sur update 11.3 has three entries mentioning Gatekeeper: https://support.apple.com/en-us/HT212325

...whereas the list for Catalina has only one: https://support.apple.com/kb/HT212326

The bad thing is: They patched Catalina less than Big Sur with the new update :(

Compare "Gatekeeper" fixed issues here:

https://support.apple.com/en-us/HT212326 Catalina

https://support.apple.com/en-us/HT212325 Big Sur

Feels to me that they only patched one part of it on Catalina, but the gates are more open on the older macOS. Really don't like that.

Is this how early versions of the Zoom installer bypassed gatekeeper for a zero-click install?
That worked by using the preinstall check that Installer.app invokes to do the installation. It would finish by force quitting Installer.
> Be sure to upgrade.

This is a technical crowd, so some of us don't need to rush to download things like this. I'll upgrade when it's convenient, thank you very much.

Funny that when you started with "this is a technical crowd" I thought you would continue with "we don't need to be reminded to upgrade".
I usually hack the hackers first
We may be technical, but we are beholden to products we use as well. Being technical can also mean we are more aware of the dangers of upgrading too soon.
Why is the technical crowd less in need of an upgrade? My proverbial “grandmother” only accesses her gmail and one news page. Arguably she’s at less risk than someone testing new software.
Given the ease and severity of this I don't think being technical does anything for you.

I am grateful for the "upgrade now" message being pushed. As a technical user I can't trust my skills and knowledge to truly keep me safe from this one.

How did you ever survive all that time where you had to decide for yourself whether to run a program or not, without Gatekeeper holding your hand?