The giant tech company Apple, which is known for high-level security on its devices, has fixed a flaw back in September. The flaw which could be tracked as CVE-2021-30853 was letting the malicious scripts run in the system without alarming the Gatekeeper, macOS security app.
Gatekeeper just sleeps
The flaw was found and reported by Box Offensive Security Engineer Gordon Long. With this flaw, the Gatekeeper does not alarm if a script starts with a shebang (!#) character and leaves the rest of the line empty. Leaving this line empty leads the Unix shell to run the script without specifying a shell command interpreter.
macOS 11.6 update, released in September 2021, has fixed this issue. macOS 12 beta 6 is also safe. The users of older macOS versions should be aware since the bug is quite easy to exploit. The bug also has the potential to download and run even more dangerous malware, completely bypassing the Gatekeeper.