Apple has released a patch for a zero-day vulnerability in its macOS systems that could allow attackers to bypass anti-malware protections set in place. According to Apple, the notorious Mac threat Shlayer adware dropper has already been exploiting the vulnerability for several months. Therefore, Apple urges its customers to implement the patch immediately and mitigate further risks of an attack. The flaw is tracked as CVE-2021-30657 and the patch for it was released on Monday.

The vulnerability was discovered by security researcher Cedric Owens. Owens found that the bug is particularly dangerous to macOS users as the attacker is provided with a very easy route to crafting a macOS payload that surpasses secure features built into the OS by Apple to keep malware off users’ systems. Owens stated that he tested his exploit for the bug successfully on macOS Catalina 10.15 and on versions of macOS Big Sur before version 11.3.