A software bug let #malware bypass macOS security defenses

With knowledge of how the bug works, Wardle asked Mac security company Jamf to see if there was any evidence that the bug had been exploited prior to Owens' discovery. Jamf detections lead Jaron Bradley confirmed that a sample of the Shlayer malware family exploiting the #bug was captured in early January, several months prior to Owens' discovery.

Shlayer is an adware that intercepts encrypted web traffic - including HTTPS-enabled sites - and injects its own ads, making fraudulent ad money for the operators.

All the user would need to do is double click - and no #macOS prompts or warnings are generated

https://techcrunch.com/2021/04/26/shlayer-mac-malware-macos-security/