Threat Watch

Apple Addresses Zero-Days Actively Exploited in Security Update

On Monday, May 24th Apple released a security update for macOS, iOS, tvOS, and watchOS, adding fixes for 58 vulnerabilities. CVE-2021-30664 and CVE-2021-30665 involve WebKit on Apple TV 4k and Apple TV HD devices allowing for maliciously crafted content to obtain arbitrary code execution on devices affected.

CVE-2021-30713 bypasses Transparency Consent and Control (TCC) impacting macOS Big Sur, which can be exploited by attackers for privilege escalation without requiring user interaction. This flaw allows attackers full disk access including control of screen recording and microphone access. What’s more, XCSSET which was discovered earlier this year, is actively exploiting this vulnerability along with a Gatekeeper bypass, which is still possible today.

ANALYST NOTES

With the string of vulnerabilities involving Apple recently highlighting the need for enterprise focus on macOS security, Apple is working with researchers efficiently to correct these issues with timely updates. It took Apple just six days to fix part of the Gatekeeper bypass that was being exploited by XCSSET. The important thing to note as both a macOS user and enterprise operators is that macOS is not exempt from the same threats as Windows based systems. At the very least, macOS is a very target rich environment for initial compromise into a network. Plenty of malware has been observed lately taking advantage of cross-platform compilation such as Golang-based or Rust-based malware. EDR Software can monitor macOS logs but in order to provide a robust defense in depth approach to security, proactive defensive measures are a must. A counterintelligence team along with threat hunting greatly reduces the risk of compromise and reducing damage caused by breaches when they occur. Binary Defense stands ready with such teams offering expertise in both macOS and Linux based system security rounding out security services that are critical in today’s operational environment.

https://www.bleepingcomputer.com/news/security/apple-fixes-three-zero-days-one-abused-by-xcsset-macos-malware/