Three new zero-days patched by Apple, including XCSSET macOS malware vulnerability

Since the beginning of this year, Apple has published a number of security advisories addressing zero-day vulnerabilities, some of which have been reported as being exploited in the wild before being fixed.

In a new post from Monday, the iPhone maker released patches for three new vulnerabilities found in macOS and tvOS which, according to the available information, have also been exploited by attackers.

For all three flaws, Apple has confirmed that it is aware of reports that the zero-days “may have been actively exploited”, but it has not released any information on the attacks or the malicious actors who may have taken advantage of the flaws.

As per the available details, the first two zero-days, tracked as CVE-2021-30663 and CVE-2021-30665, are WebKit flaws affecting Apple TV 4K and Apple TV HD devices.

WebKit is a browser rendering engine that Apple uses to render HTML content on both its mobile and desktop platforms, including iOS, macOS, tvOS and iPadOS.

People with malicious intentions may exploit these two vulnerabilities by delivering maliciously crafted web content that causes unpatched devices to execute arbitrary code due to a memory corruption flaw.

The third zero-day vulnerability, tracked as CVE-2021-30713, affects macOS Big Sur machines and concerns a permissions issue in the Transparency, Consent, and Control (TCC) framework.

The TCC framework is the macOS subsystem that prevents installed applications from accessing personal user information without first asking for permission through a pop-up prompt on the screen.

According to the explanations, threat actors might take advantage of this vulnerability to circumvent privacy settings and obtain sensitive user data through the use of a malicious application.

No specific information has been disclosed by Apple on how exactly the three zero-days have been exploited in attacks.

However, independent researchers have discovered that the macOS flaw, CVE-2021-30713, has been abused by the recently popular XCSSET malware to bypass Apple's TCC protections, which are meant to protect the privacy of users.

As per the explanations, the exploited macOS zero-day allowed the XCSSET attackers to bypass user permissions and take screenshots of the desktop as soon as the malware was installed.

XCSSET is malware that has been known to cybersecurity specialists since last year, when it was used in a campaign targeting Mac users via compromised Xcode projects. Back then, XCSSET used two other zero-day vulnerabilities to hijack the Safari web browser and inject malicious JavaScript payloads into it.

Last month, a new XCSSET version was found to run on the new Apple-designed ARM Macs. In light of this, users of Apple products are advised to install the latest security patches as soon as possible to ensure maximum protection against exploitation of these vulnerabilities.